RocketCyber has added a managed firewall log analysis service to its threat monitoring platform for MSPs.
Called the Firewall Log Analyzer and available now, the new service feeds firewall data directly to RocketCyber’s security operations center. At present, the system supports products from Cisco Meraki, Fortinet, SonicWall, Sophos, and WatchGuard.
“We have a direct integration with them,” says RocketCyber President Billy Austin. “Literally, it’s flip on the switch. That data then comes into the RocketCyber console and it allows all of our security analysts to start analyzing all those events real time around the clock to see if there’s anything that’s circumventing the firewall [or] evading those defenses.”
The service inspects outbound as well as inbound traffic. “The attackers may already have some type of persistence or presence inside the network,” Austin notes.
When it finds a low-severity issue, the RocketCyber system automatically adds a remediation ticket to a subscriber’s PSA solution. MSPs receive a phone call or text message immediately if the service detects a ransomware attack or other high-risk event.
Analysts who spot an improper configuration setting or missed opportunity to embrace best practices will make proactive recommendations to subscribers as well. “Sometimes we’ll make recommendations that you need to enhance your rule set,” Austin says.
Subscriptions to Firewall Log Analyzer cost a flat $4 per firewall per month, a price that, according to Austin, puts a critical security capability within reach of MSPs. A SIEM product can monitor aggregated logs from multiple sources as well, he notes.
“However, it takes an 18-wheeler to be able to go out and deploy it, or it costs a lot of money,” Austin says. “What ends up happening is these guys just miss logging capabilities because there is no solution out there that’s cost affordable.”
Moreover, channel pros with the funds to afford a SIEM solution often have trouble interpreting the data it produces, leaving their customers exposed to a blind spot.
“Continuous monitoring is a must to be able to combat these threats that we’re facing today,” Austin says.
RocketCyber itself had a blind spot in its coverage until Firewall Log Analyzer’s introduction. According to Austin, the three main ways attacks impact end users are through the cloud, through the endpoint, and over the network. RocketCyber’s family of mix-and-match RocketApps has included endpoint security systems since the vendor opened its doors in November 2018, and three solutions for Microsoft Office 365 environments rolled out earlier this month.
“Historically, we were missing that network telemetry,” Austin says. “We’re not finished there, but it definitely helps provide better complete visibility.”
Channel pros can run RocketApps themselves or outsource that task to RocketCyber’s managed SOC service. Recent additions to the RocketApps family include the command-and-control solution for Windows Defender that debuted last August.
At present, RocketCyber has more than 200 MSP partners.