NetSource One Chose Blumira SIEM for MSPs

Since 1999, NetSource One has served over 1,000 clients in Michigan and throughout the United States, providing premium customized information technology solutions. Their team is composed of highly skilled security, hardware, network, and operating systems planners, engineers, installation specialists and support personnel. Read on to learn why NetSource One chose Blumira SIEM for MSPs.

The Challenge: Keeping Up with Threats & Protecting Their Clients

NetSource One was previously using FortiSIEM with StratoZen, a SIEM and SOC-as-a-Service, endpoint and data protection solution built for MSP security that was recently acquired by ConnectWise. NetSource One was sunsetting its partnership with StratoZen and was on the lookout for a replacement.

Chris Lewis, NetSource One’s information security manager, oversees all managed security offerings at the company with a team of seven IT professionals that have migrated into information security.

Always-evolving threats, alert fatigue, and the complexities of trying to manage a growing cloud presence are some of his daily challenges. The team needed a better solution that would make it easy for them to review SIEM alerts and take intelligent action on them to help protect their clients against security threats.

The banking compliance regulations enforced by the FFIEC influenced NetSource One’s decision to find an efficient SIEM for detection and response. Additionally, many of their clients needed to meet compliance requirements like SOC 2, HIPAA and CMMC.

The Solution: Faster, User-Friendly Security for MSPs

Lewis heard about Blumira through the online information security (infosec) community and reached out to set up their free NFR (not-for-resale) account with Blumira to assess it.

“The speed and user-friendliness of Blumira is head and shoulders above StratoZen. The ability to manage things all on our own, as well as the introduction of the MSP console and Detection Filters has been huge for us in terms of deployment,” said Lewis.

NetSource One looked at several solutions before StratoZen, including Perch.

“For us, there were two negatives. Number one was cost, and number two was that they’re really stuck in the traditional SOC model of having a human look through all of the alerts first and decide what should be escalated. The automated capability of Blumira was head and shoulders above the competition,” Lewis said.

For them, the biggest factor was trying to not exceed what their existing client base was paying, as they went through the process of transitioning out of StratoZen. The competition was double, sometimes triple what they were previously paying. NetSource One wanted to keep their price point as close as possible to their previous offering, while offering greater value.

Easy, Quick Client Deployment & Reduced Alert Fatigue

Internal implementation and deployment was a breeze to set up with Blumira, their tech stack, which was mostly Microsoft Windows with Active Directory (AD), FortiGate firewalls, Ruckus wireless and cloud applications like SentinelOne, Microsoft 365 and Duo Security’s 2FA (two-factor authentication).

“It was very easy and very straightforward – we were able to basically go live almost instantly,” Lewis said. “It’s really easy to set up a new integration and the alerts work as expected.”

NetSource One also found immense value in the ability to quickly deploy Blumira’s solution for their clients using Blumira’s MSP-specific portal and features designed to expedite setup and onboarding time.

“With the MSP portal, we had a new client that went from zero to 90% complete in a matter of hours. We’ve experienced greatly improved setup and workflow time, streamlining everything from the beginning to end.”

One recently-added feature, Detection Filters, gives organizations the ability to prevent triggering alerts based on their organization’s known safe, normal or expected activity.

“The speed of deployment is really phenomenal. Detection Filters helped immensely with fine-tuning rules at rollout. The noise level is considerably lower. All of that feeds back into lowering the alert fatigue threshold, trying to keep my team treading water and not drowning in alerts,” Lewis said.

To reduce noisy alerts, Blumira’s findings are written, evaluated and tuned by our in-house incident detection engineers, identifying real attacker behavior and sending prioritized alerts to clients. This automated work helps focus small IT teams’ attention on critical threats to better prevent ransomware and data breaches.

24/7 Security Operations Support for Urgent Issues

A Security Operations Center (SOC) is an information security team responsible for monitoring and analyzing an organization’s security posture on an ongoing basis. Their goal is to detect, analyze and respond to cybersecurity incidents using a combination of technology solutions and a strong set of processes.

SOCs can be internal and run by the organization themselves or outsourced to a third party. However, the cost and upkeep of running an internal SOC, hiring, and training security analysts, monitoring logs 24/7 is a major barrier to entry for small or mid-sized organizations. To reduce SOC costs and human resources for MSPs, Blumira combines automated detection and response with security support as needed.

“While not the traditional model, I absolutely think of Blumira as an outsourced SOC because you have a SecOps team available and we’re able to reach out when alerts come in,” Lewis said.

Blumira’s SecOps team provides security advice and guidance on findings for NetSource One’s clients, with 24/7 support for urgent priority issues. Blumira’s platform automates the log review process, analyzing clients logs for unusual and suspicious activity, then alerting them in under a minute. The platform also provides remediation process guidance to help organizations respond faster to incidents.

Are you looking to replace a SIEM, or would you like to learn more about how Blumira can help your business? We would love to talk with you.