How Secureworks Created Taegis Security Operations & Analytics Platform

_{John Boyd Dunlop's first pneumatic bicycle tire (National Museum of Scotland)

Photo by user:geni, CC BY-SA 4.0, https://commons.wikimedia.org/w/index.php?curid=53539981}

Summary

As the classic philosopher Plato wrote in Republic: “Our need will be the real creator.” Many inventions and business successes, like Dunlop’s pneumatic tires, stem from needs that conventional approaches can’t address
Secureworks created Taegis Security Operations and Analytics platform to meet the requirements of our experts who needed to protect complex customer environments against sophisticated threats and found existing security tools lacking
With Secureworks expertise built in, Taegis is now protecting organizations all over the world

In the late 1880’s, John Boyd Dunlop, a veterinarian, inventor, and businessman from Scotland, bought his son a tricycle. As the boy rode the metal-wheeled tricycle down the cobblestone streets of Belfast, Ireland where the family lived at the time, he was displeased with the bumpy ride and the extensive pedaling he had to do because the tricycle did not roll well. Unaware of a good alternative to hard tires or other means to improve his son’s riding experience, Dunlop created pneumatic tires filled with air. New tires cushioned his son’s ride and rolled significantly better, reducing the amount of pedaling and making riding a tricycle fun for the child.

Some 130 years later, Secureworks experts performing managed detection and response and consulting services for customers, needed an effective way to monitor customer organizations’ attack surfaces and rapidly detect and respond to threats coming from multiple vectors. Our analysts found security tools available on the market lacking the required capabilities, such as delivering comprehensive visibility into customer environments, the capacity to ingest and analyze telemetry from multiple sources, and the speed to effectively respond to incidents across customer IT infrastructure. So, we ended up creating what was missing.

Unlike Dunlop, the veterinarian who had little knowledge of pneumatics and materials science that were key to his invention, Secureworks had a strong foundation to build on. Twenty years of elite experience running global SecOps centers, researching and responding to a constantly shifting threat landscape, and overcoming the frustrations common to security operations directly inspired what Taegis has become. All Secureworks expertise and know-how went into Taegis, the massively scalable cloud-native security operations and analytics platform that our experts now use to defend customers. With Taegis, they gain single-pane-of-glass view into the attack surface and actionable, timely insight based on the analysis of telemetry from network, cloud, endpoint, email, and other security data sources, as well as vulnerability information and curated threat intelligence. As a result, Secureworks analysts can detect and respond to more real threats sooner.

When a cyclist with Dunlop’s tires on his bicycle started winning numerous races, John Boyd Dunlop quickly realized that his invention could benefit countless people—not just his own family and friends. As a result, millions of people using bicycles, cars, and other means of transportation, extract value from his invention daily. Similarly, Taegis first proved instrumental to Secureworks’s ability to safeguard customers from global cyberattacks featuring the Sunburst backdoor, Supernova malware, the Microsoft Exchange zero-day, REvil and Ryuk ransomware, and many others. In the process of defending against these threats, we realized Taegis was too powerful to keep to ourselves. So, we decided to make it available to customers and partners so they could better protect themselves. Today, Taegis is at the heart of security operations at organizations all over the world.

Here is a real-life example of the difference Taegis makes. Recently, a customer’s employee clicked on a link in an e-mail which downloaded and executed a malicious script. Almost immediately, the customer’s third-party endpoint security product and Taegis XDR both triggered an alert. However, the endpoint product alerted on the same issue hundreds of times across 30 different systems that were affected. Using the same data, Taegis focused on the behavioral aspect of the event, only alerting the company once with the real threat. In addition, the attacker had successfully loaded a remote access tool on to the system, moving beyond the visibility of the endpoint product. Taegis identified this attack pattern and cut off the intruder with no harm to the customer. This is why Taegis is so powerful. It fills the gaps in visibility between point products that adversaries exploit, providing a truly holistic defense.

Learn more about the Taegis platform and products and how they help organizations like Ricoh, MinterEllison, and MLC Life Insurance secure their digital future.