1

MSSP USE CASEHow to expand a service portfolio and open new revenue streams, using threat intelligence modules from Blueliv

2

Many end users opt to work with an MSSP to help them defend against cyberattacks. But as an MSSP, how do you gain this tangible competitive advantage, implement it successfully and not get weighed down with unnecessary complexity?

Blueliv helps MSSPs around the world rapidly expand their service portfolio by offering your customers automated targeted threat intelligence, in a smart, straightforward program designed to make vendor engagement as simple as possible.

Our unique SAAS Cyber Threat Intelligence solution allows very specific use cases to be delivered through targeted threat intelligence modules.

Our fully automated modules are designed to help MSSPs service end customers with low in-house skills and a relatively immature security setup.

Blueliv for MSSPs: straightforward engagement, increased revenue

SIMPLE FLEXIBLE SELF-SERVICE LOW COST OF ENTRYOur unique,

automated architecture has been designed with SOC teams in mind and is extremely easy to set

up and run

Move modules around your

customer base until you find the unique

combination of modules that delivers them the most value

Use our unique MSSP ATM

(self-service portal) to calculate your credit balance, so that you’ll need a

minimum amount of Blueliv interaction to accurately scope and

size requirements

Easy ‘on-ramp’ commercially and

technically for MSSP’s with customers who may lack resource or technical skills to tackle external threats effectively

3

Helping you manage your customer’s digital risk

Customers are coming to you looking for solutions.

• Who is targeting my organization, and from where?

• What’s my presence on the dark web?

• How has our corporate network been compromised?

• Have any credentials been compromised and are they being used to commit fraud?

We power the back end to help you service your customers with targeted intelligence. In-dividual modules are delivered through our multi-tenant cloud solution, multiple user ac-counts within granular set up of roles and permissions within the application, making the product easily accessible for customers, and affordable with predictable costs for the MSSP.

LARGER CUSTOMERS

SMALLER CUSTOMERS

Those without a SOC, these customers have relatively small teams with limited resource. Likely to use an MSSP to address some of their needs where their team lacks expertise and/or time.

Working with an MSSP to find the most cost-effective way to address all current and future cybersecurity needs, because they simply don’t have the resources to dedicate employees to cybersecurity.

The MSSP can use our unique ‘credit in advance approach’ to target these customers with the right modules to suit their needs.

‘Credit in advance’ contains a very sizeable discount on modules sold, massively benefiting the MSSP.

3

4

How MSSPs can sell Threat Compass

We increase effectiveness by providing value-adding, actionable intelligence linked to the other systems and services you provide to your customers.

You will noticeably increase the revenue of existing solutions and be able to deliver a more expansive service offering at a hugely discounted rate.

Threat Compass will help your customers:

• Reduce threat actors’ window of opportunity

• Reduce incident response times, the total cost of a breach and disruptions to business continuity

• Proactively identify new threats for rapid response and mitigation measures.

Cyberthreats are becoming more sophisticated and frequent, targeting enterprises of all sizes. The next attack being a successful one is all but inevitable. The focus therefore needs to be on identifying patterns in the data, adding critical context and reducing response times as quickly as possible.

Grow new incremental revenue opportunities.

Leverage unique and targeted TI to inform your customers about emerging threats targeting them to position yourself as trusted advisor and identify potential new business opportunities.

https://www.blueliv.com/products/modular-intelligence/threat-context-products-to-prevent-cyber-attacks-blueliv/https://www.blueliv.com/products/modular-intelligence/threat-context-products-to-prevent-cyber-attacks-blueliv/https://www.blueliv.com/products/modular-intelligence/threat-context-products-to-prevent-cyber-attacks-blueliv/

5

Threat CompassBlueliv’s scalable, automated and targeted solution is designed for frictionless integrations with SOCs so that MSSPs can deliver a fully managed service to its customers. For each individual customer, the MSSP can offer relevant, actionable intelligence for accelerated decision making.

Our feeds provide data and intelligence to manage digital risk. The solution is automated but has the critical backing of our world class in-house analyst team. Meanwhile, our dedicated commercial team will work with you to provide better security services to your customers.

The cloud-based SaaS platform is multi-tenant and means you can on-board new customers in a matter of minutes. The

flexibility of integration through API, SDK and plugins with vendors such as AlienVault, Splunk, ArcSight and Elastic-ELK makes it very easy to export data from Threat Compass platform and integrate it with your client’s existing security solutions.

Threat Compass utilizes standardized cybersecurity information-sharing techniques, such as STIX and TAXII to automate intelligence-sharing with other security devices. Moreover, analysts receive real-time alerts and automated data, eliminating the need to manually correlate data from multiple sources and in multiple formats. They can then provide actionable intelligence that enables each client to defend against threats most effectively.

5

6

Modular services,flexible business model

End customers choose different MSSPs for their different services. Some seek threat detection and security management but to buy these services, customers need to understand the abilities and limitations of the MSSP’s analysts.

MSSPs have a wide variety of different services they provide customers with different levels of engagement. Some customers are looking for a one-size-fits-all solution, but others want to pick and choose those services that best suit their requirements.

Blueliv’s Threat Compass enables MSSPs to buy specific modules as standalone complementary services, or as part of an integrated package depending on your client requirements. Every client is different, with different security requirements.

Blueliv delivers the intelligence it gathers through a modular architecture, meaning that it can divide its offering into different threat categories.

MSSPs know that some of their bigger clients are concerned with their IP and other confidential information leaked into the wild. They buy credit in advance and target them with the Data Leakage and Dark Web modules.

In the wake of massive ransomware attacks in Spain in 2019 (Everis, Cadena SER), this ever-present threat started to resonate with some of our smaller clients.

The reality of the situation is that big organizations are more equipped to face a potential security incident.

Smaller organizations lack the resource, constrained as they are by their security budget. We were able to allay some of our smaller customers’ fears with our threat intelligence offering.

Rather than a one-size-fits-all package, we have been able to offer individual malware and domain protection modules. This helps them stay on top of the latest ransomware threats that could affect them before an attack could have a massive impact on business continuity.

This also offers an easy on-ramp to threat intelligence services, which can go well beyond these two individual modules.

EASY ACCESS CASE STUDY

7

Another MSSP had a client in the retail space who was worried about their customers becoming victims of fraud, so invested in Domain Protection, Mobile Apps and Credentials, to ensure that they discovered any compromised information in real-time and mitigated the impact of fraudsters targeting their company.

Each of these is subject to a sizeable discount to the MSSP, who can generate incremental revenue streams off the back of selling to different customers with individual requirements. “The modularity of Blueliv’s services has been a very successful model for us,” commented the MSSP’s product owner. “It meant that we didn’t have to try and push a one-size-fits-all threat intelligence service to customers”.

“Working with Blueliv, on the other hand, means we can offer a buy-as-you-need threat intelligence service. Firstly, this makes it easier for our customers, who might not need an all-singing, all dancing cybersecurity package. Second, it means that we can open both new and incremental revenue streams and Blueliv offers us a pay-as-you-grow model, reflecting what we deliver to customers. A customer might only need one module to start with, but they have a menu of additional modules which they often buy once they see value.”

For the MSSP, with an attractively priced ‘credit in advance’ model, they can target customers with modules that suit their individual needs.

7

https://www.blueliv.com/products/modular-intelligence/domain-protection-prevent-attacks-and-more-blueliv/https://www.blueliv.com/products/modular-intelligence/detection-of-false-and-fraud-mobile-apps-blueliv/https://www.blueliv.com/products/modular-intelligence/choose-our-credential-theft-protection-products-blueliv/

8

Additional services to sell, fewer complications

When adding a new service, integrations can get messy, or the additional data causes fatigue for the experts within the MSSP.

There must be a balance between responding to customer needs with an advanced yet affordable service offering, and the ability to manage these additional services internally to maintain a high level of quality and actionability.

An MSSP approached Blueliv with some reservations about including threat intelligence as part of their already broad service offering. They were concerned about adding more services: threat intelligence services offered by other vendors are seen as complex to integrate, complex to learn how to operate, and complex to manage once they’re up and running.

Blueliv was able to meet each of these challenges head on. Threat Compass is a cloud-based SaaS solution, meaning that integrating into the existing portfolio required next to no implementation time. You can be fully operational in a matter of hours.

During 3 sessions Blueliv’s experts trained the MSSP’s staff how to both sell and operate each individual module within Threat Compass, but

“The simplicity is incredible.”“Adding threat intelligence services to our portfolio was without any of the complications we were concerned about. When our customers starting using it, we were worried about an avalanche of information that our analysts would have to spend time working through to deliver relevant results. Our reputation was on the line. But Threat Compass only delivers relevant, actionable and customer-specific information, meaning our workload was hugely reduced. We now can provide 360º visibility for our customers through threat intelligence -combined this with our takedown services and endpoint protection, we deliver a cybersecurity offering that really stands out in the marketplace.”

MSSP focused on clients in DACH region

9

the fact that its automated means that once the parameters are set, Threat Compass continuously searches the open and dark web for customer-relevant intelligence. If an alert is raised, Blueliv analysts support the MSSP’s team where required to provide context as quickly as possible. Our dedicated customer success team works with an agile ticketing system and a commitment to solve each ticket as efficient and fast as it could be. Our service level agreement assures you will be contacted back within 1 hour after opening

the ticket. Blueliv´s MSSP workflow includes regular status calls, frequency agreed upon your needs.

As a result, there was exceptionally fast time to revenue and ROI for the MSSP. As a cloud service, they could active new client accounts rapidly, without having to devote resource for purchase, deployment, management, support and upgrades. With Threat Compass you will generate ROI within the 1st year.

9

10

info@blueliv.com

linkedin.com/company/blueliv

twitter.com/blueliv

blueliv.com

About BluelivBlueliv is Europe’s leading cyberthreat intelligence provider, headquartered in Barcelona, Spain. We look beyond your perimeter, scouring the open, deep and dark web to deliver fresh, automated and actionable threat intelligence to protect the enterprise and manage your digital risk. Covering the broadest range of threats on the market, a pay-as-you-need modular architecture means customers receive streamlined, cost-effective intelligence delivered in real-time, backed by our world-class in-house analyst team. Intelligence modules are scalable, easy to deploy and easy to use, maximizing security resource while accelerating threat detection, incident response performance and forensic investigations. Blueliv is recognized across the industry by analysts including Gartner and Forrester, and has earned multiple awards for its technology and services including ‘Security Company of the Year 2019’ by Red Seguridad, Enterprise Security and Enterprise Threat Detection 2018 category winners by Computing.co.uk, in addition to holding affiliate membership of FS-ISAC for several years.

Blueliv ® is a registred trademark of Leap inValue S.L. in the United States and other countries. All brand names, product names or trademarks belong to their respective owners.

© LEAP INVALUE S.L. ALL RIGHTS RESERVED

mailto:info%40blueliv.com?subject=https://www.linkedin.com/company/blueliv/https://twitter.com/bluelivhttps://www.blueliv.com/