With its roots in providing a big data security-as-a-service platform to Fortune 100 organizations, Piscataway, N.J.-based BlackStratus has set its sights on midsize companies with CYBERShark, offered to MSPs as a fully managed, white-label solution for “hundreds of dollars a month,” says Dale Cline, the company’s CEO.
What’s unique about the BlackStratus solution, explains Cline, is that it manages large data sets and correlates information in real time. Like other technologies, CYBERShark sees “events,” such as someone trying to get on the network with the wrong password 10 times and succeeding on the 11th, or a firewall is being flooded with authorization requests to shut it down.
But CYBERShark also has the ability to see “incidents,” meaning it detects the firewall attack and a failed authorization on another part of the network, and data being extracted out to the IP ranges that were attached to part of the failed authentication. “We would tie those three things together and say, ‘We think what’s going on here is the failed authorization is a distraction," says Cline. "They did a couple of password cracks and came in the back door, and now they’re extracting data.’”
Here’s how it works: A customer’s security event data—login information and authentications—is sent to the BlackStratus cloud where it is correlated against what’s happening in that customer’s environment with what the company sees in a more macro context. A “plain English” trouble ticket is sent to the partner that contains both the problem and how it was determined.
No security background is required to understand the ticket. BlackStratus provides training on its partner portal and how to send customer data to its cloud. “But quite frankly,” says Cline, “there’s no specialized training they need outside of a normal IT capability that they’re providing their customer today.”