Challenge: Replacing the MSSP “Call Center”
Premise Health provides healthcare services via employer sponsored healthcare. With the increase in virtual visits due to the COVID-19 pandemic, Premise Health was already ahead of the curve as an early adopter of virtual visits for traditional and behavioral healthcare for their customers. Rather, the biggest challenge facing Premise Health’s Security Operation Center (SOC) was shifting their staff from traditional office locations to home offices. Jim Hofstee, the AVP Security Assurance and Operations, understood the need for better analysis, more relevant sources, and 24/7 detection and response support.
To capitalize on Premise Health’s investment in the Splunk Enterprise Security (ES) suite, the security team hired a Splunk data scientist who had the skills to build a strong and redundant Splunk environment. The work in Splunk and ES allowed the SOC Manager and her team to use Splunk as a Security Incident and Event Management (SIEM) system. Premise Health’s Splunk SIEM is able to manage the intricacies of the business, the disparate systems that send logs to it, and understand Premise Health specific procedures which log user behaviors, monitor the SIEM itself, properly triage alerts, and start work streams to manage security events.
Since Premise Health is a prime target for threat actors, the leadership team had a long-term relationship with a Managed Security Service Provider (MSSP) to monitor 24x7x365 when the team was not looking. Alas, the existing MSS provider in place was not able to continue a supportive relationship with Premise. The incumbent MSS’s rapid expansion and lack of analyst experience morphed over time into a model that did not meet Premise’s needs. As a result, the initial MSS went from being a trusted partner to a security event ticketing system.
Evaluation: 7 Questions for the MSSP RFP
Premise Health evaluated five MSS providers including Deepwatch. This was an important strategic decision that warranted careful evaluation of all options.
The Premise Health team took their time to evaluate the MSS providers and to answer a seven critical questions to determine which provider could best provide the MDR solution:
- Will the partner learn and understand our systems and our business?
- Will the partner understand what tier 1, tier 2 and tier 3 event escalation looks like, and have the capability to triage events appropriately
- Will the partner collaborate with us to help improve and mature our SOC and our security posture?
- Will the partner navigate the complexity of our systems, logs, and user behavior?
- Is the partner equipped and organized to support our unique needs and contribute to our customer-centric mission?
- Will the partner work with our existing systems, or are they selling a product thereby forcing their customers to re-tool?
- Will the partner supplement our SOC by focusing on external threats, so that we can focus internally on patient, business, and mission critical asset security?
“Most MSS providers said they could do everything and meet all of our unique criteria. But when we probed, they simply couldn’t,” stated Jim. “They said they could learn our whole business, but their services model didn’t allow for that level of integration. Most of the MSS providers in the market just didn’t make sense for us. Deepwatch was the only MSS that had the right mix of capabilities and flexibility for Premise Health.”
Outcome: Deepwatch MDR with Splunk Expertise
The cybersecurity leadership team at Premise Health had been working with GuidePoint Security for a number of years to select and deploy security technologies at Premise Health. This allowed the AVP to watch Deepwatch evolve from its vSOC days at GuidePoint as the business grew successfully and spun out as an independent company. “Deepwatch leadership saw what worked and what didn’t. They came from large organizations and experienced how businesses and SOCs use MSSPs at scale. They understand the shortcomings with most MSSPs and they designed the Deepwatch MSS to be different,” said Jim.
Deepwatch met with Premise Health leadership to discuss objectives and create a highly tailored strategy to enhance their security maturity. Deepwatch’s SecOps platform provided comprehensive, 24/7/365 coverage for every aspect of Premise Health’s SOC. Flexible deployment and smooth onboarding made the process as efficient as possible. Deepwatch Experts ensured collaboration and check-ins with the customer every step of the way. From start to finish, Deepwatch merged their advanced technology with relentless service to provide a comprehensive solution that worked to meet Premise Health’s needs.
“The Deepwatch service delivery model, technology platform, and their collaborative approach sealed the deal for us,” noted Jim on the final selection of Deepwatch MDR.
The Security Operations team selected Deepwatch based on Deepwatch’s ability to meet Premise Health’s criteria in the following ways:
- Splunk Expertise – The Deepwatch SecOps Platform
- Flexible Deployment and Process Integration
- Trusted Security Partnership
- Open Communication & Transparent Collaboration
- Smooth On-boarding
Results: Healthcare Information Security Outcomes Improved
Deepwatch and Premise Health have continued to work together since 2019, with Deepwatch providing best-in-class Managed Detection and Response services by:
- Managing the security intricacies of Premise Health’s business, data, systems, and network Partner and collaborate with their SOC to have eyes on glass 24x7x365
- Supporting Premise Health’s Splunk instance and not force them into a different model
- Helping Premise mature their SOC, security posture, and cyber defense capabilities
The joint focus on customer experience has enabled both companies to grow, expand, and mature their cyber defense capabilities at an unmatched rate. Deepwatch and Premise Health look forward to continuing a strong partnership to drive innovation in the healthcare cybersecurity industry. Download the full case study to learn more about our partnership with Premise Health.