SolarWinds expands into a new element of security for both on-prem and MSP customers with a light SIEM that also happens to be a very effective threat detection tool.
It’s a SIEM! No, it’s a SOC-as-a-service! No, it’s threat detection security software! No, it’s threat monitoring software. It’s actually the technology that SolarWinds has just obtained through its acquisition of Trusted Metrics. And it really is all these things – a solution that Trusted Metrics built and took to market, but which SolarWinds thinks has broader potential than its creators had conceived. Accordingly, it has been rebranded and repositioned by its new owners as a threat monitoring and hunting tool.
“Trusted Metrics combined a bunch of security tools – log management, log correlation, host intrusion detection, network intrusion detection, and intelligence feeds – and turns all of that into an alarm,” said Denny LeCompte, SVP Product Marketing at SolarWinds.
SolarWinds has many security offerings, but LeCompte said that they have not had anything quite like this.
“As security has gone from being something that got minimal attention from SMBs beyond putting up a firewall and anti-virus, to being panicked that hackers could wreak havoc on their business, or ransomware could shut them down, both our partners and our corporate customers wanted a threat detection tool,” he indicated. “The Trusted Metrics tool can be best seen as a light SIEM that detects threats inside the firewall. What we have had before in security are prevention or hygiene solutions. With a product like this, you accept that you will be breached at some point, and have a defense to limit the damage when the breach takes place.”
LeCompte said that the value of the Trusted Metrics offering has been obscured somewhat by how it has been marketed and positioned. Trusted Metrics positioned it as a SOC-as-a-service for enterprises – notwithstanding the fact that they increasingly pitched it to security-focused MSPs serving SMBs. Their website had multiple and sometimes contradictory references to the product and what it did, stemming from obsolete material still being live there.
“The way they talked about it on their website is not the way that we talk about it,” he said. “They are great engineers, but they have not had clear messaging or proper marketing. We would talk about it differently. It is a SIEM – but it’s not just a SIEM. SIEM has become something of a dirty word, but this solution does much more.”
SolarWinds’ rebranding of the product as SolarWinds Threat Monitor indicates how they perceive it, and are positioning it – as an automated tool to reduce the complexity of threat detection, both for on-prem IT operations teams, and for MSPs and MSSPs. The unified platform includes automated threat hunting, active response to security incidents, and audit-ready reports.
“Our mission at SolarWinds is to provide tools to technical people, whether at MSPs or in corporate IT,” LeCompte said. “We wanted something that was simple, powerful and affordable. We looked at a number of players in this space, and found that this solution was simple, and had a lot of functionality. Most small security companies are focused on getting big wins with large enterprises, and don’t care much about the small guys. We found that many companies in this area had gone the route of big enterprise, which shows up with clunky one-off features which got into the product because a big customer had requested them for a specific use case. When you get a company that has gone down that path, the product gets ‘enterprisey,’ and not easy to use. There is a tendency to rely on professional services to solve issues. We don’t use professional services, so we can’t take that route. The way that Trusted Metrics built this is the way that we would have built it ourselves.”
LeCompte noted that the origin of the Trusted Metrics solution was very similar to SolarWinds’ own origins.
“Our first product was a network engineering tool that our founder built with the specifics that he wanted. Their founder, Michael Menefee, was an MSP who had a security provider, and he got upset with their product, and built this for his own use. It’s very practical, and very straightforward, and something that we can repackage for both our on-prem and MSP clients.”