RSA 2016 Interview with CompliancePoint
In this video, David Greenwell from CompliancePoint discusses why his team chose AlienVault USM as one of the pillars of their remediation services program.
DAVID: I am David Greenwell, and I am with CompliancePoint, and we basically are an auditing company and we offer mediation services and I run that remediation services group.
AV SPEAKER: Excellent. So a lot with HIPAA compliance and health care and stuff like that?
DAVID: Exactly, yes,
AV SPEAKER: So what are some of the trends that you are seeing that are driving not only security, but CompliancePoint from a business standpoint?
DAVID: Right, so I guess the biggest thing that drives us is we do a lot of these security audits and the clients that we deal with a lot of times are looking at a security standard for basically check the box, and they are not looking at an overall security architecture or anything like that. They want to get through the audit, pass, and get that certificate and then really not getting a cohesive security model in place.
AV SPEAKER: So obviously you trust AlienVault as one of your pillars of your services that you are offering. Why did you choose AlienVault, and from a compliance standpoint, what advantages does it give you?
DAVID: Right, so basically again, going back to the check the box kind of scenario, we have piecemeal products for SIEM logging and different things that you are required to do. There are daily reviews that you have to do, things like that. People would do that, and there is no real focus on, “Well, I saw something here. Does that relate to here?” When we came across AlienVault and saw some of the threat analytics that are built into the product, we felt it would be an excellent solution for our customers.
AV SPEAKER: So are you finding that folks are coming to you to supplement their existing security architecture like you said before, like you said before, “Predominantly I deal with health care information. I need to check the box.”
DAVID: Yes, so a lot of them don't have a good security platform built and they don't have the resources to do it so what we do is provide that service for them. So we have got our own guys with the eyes on the glass watching the system alerting up to their IT guys as far as any issues we see, things like that.
AV SPEAKER: Other than compliance checks, do you offer any other services or are you interested in offering any other services in the future or tell us anything about that?
DAVID: Yes, so we have got another team that does basically vulnerability and penetration testing. They have got some white hat guys that are really good about breaking into systems, so we actually do that with AlienVault in place and we can show the customer what AlienVault is going to catch for them.
AV SPEAKER: Excellent. Well, that's about all I have. Any words of wisdom for MSSPs that are starting out or maybe managed service providers that are just now getting into security?
DAVID: Basically, I think you have got to look at the solution that you are using and get the appropriate people in place to manage it and implement it and hold the customer's hands basically on getting it installed and running. So that has been our biggest challenge, is finding the right people to get that done and then do the analytics on the back end side.
AV SPEAKER: Which seems to be a lot of the problem. It is the people problem.
DAVID: Exactly. So that is what our customers are facing, and what we can do is basically tell the customers that we have got the people in place that already and they don't have to go in and find them.