PODCAST: Why small- and mid-sized businesses should strongly consider using an MSSP

June 2nd, 2017

By Byron Acohido

How Armor got started stands out. Founder and CEO Chris Drake was serving as a paratrooper in the U.S. Army’s 82nd Airborne Division based out of Fort Bragg, North Carolina, when he was selected to build some of the Army’s first private and secure websites.

After his military service, Drake started a marketing and web development company focused on securing critical data and systems for commercial websites. One day a well-known poultry company came to Drake for help responding to a major security breach around the holiday season, a breach that impacted its customers at a particularly bad time.

Filling a need

Drake couldn’t find a provider that offered a level of security he felt the poultry company really needed, so he set out to develop a purpose-built secure cloud hosting platform. That technology now is at the heart of a managed security service Armor provides for some 1,200 clients in 45 countries.

I recently spoke with Wayne Reynolds, Armor’s vice president of security operations, who outlined for me how Armor’s sweet spot has turned into helping organizations add a robust layer of security to cloud infrastructure services.

Small- and medium-size businesses, in particular, are increasingly relying on network infrastructure services residing in the internet cloud—supplied as a pay as you go service by the likes of Amazon, Google and Microsoft Azure.

“We take what the cloud service providers give you as a base offering, and we put it on steroids, specifically around a security play,” Reynolds says. “We will deploy anti-virus solutions for you, we will deploy file integrity monitoring, we will capture all those logs from those firewalls, or from the endpoints themselves, and analyze them and tell you what’s going on. We will also proactively go back in and try to put preventive measures in place.”

Patch was a priority

As an example of how focused Armor is on security, the vendor recognized that a Windows security patch Microsoft issued for older Windows systems in late April was a very hot potato.

So it made it a priority to install the patch on its customers’ systems well before the creators of the WannaCry malware released a landmark ransomware worm that sought—and encrypted—hundreds of thousands of unpatched Windows machines. Most, if not all, of Armor’s customers thus were unaffected. And for good measure, Armor also made available a 14-day environmental snapshot that would have allowed restoration of any encrypted machines, had there been any among its clients.

Helping protect SMBs

Armor is one of several prominent vendors proactively pitching managed security services, particularly to SMBs. Others include Dell SecureWorks, ClearDATA, Alert Logic and Rackspace. These vendors recognize that for smaller organizations, maintaining a strong security posture has long since become far too complex and cumbersome.

On the other hand, SMBs quite often will begin shopping for a managed security service provider in order to satisfy compliance standards, such as the Payment Card Industry Data Security Standard (PCI DSS) and the Health Insurance Portability and Accountability Act (HIPAA.) But in today’s threat environment that’s not nearly enough; it really takes a focused security team to limit the damage intruders can do.

“Compliance is a foundation,” Reynolds says. “It’s that black and white layer of things you have to do. In order to mitigate threats, you need to start adding more layers of security above the compliance baseline.”

For a deeper drill down, please listen to the accompanying podcast.

(Editor’s note: This article originally appeared on ThirdCertainty.com.)