‘As A Service’ (AAS) Overload – Providing Context to ‘AAS’ in Cybersecurity
It seems that most things in the technology world can be procured ‘As A Service’ today: we have ‘PenTest As a Service’ (PTaaS), ‘Cybersecurity As a Service’ (CaaS), ‘Red Team As a Service’ (RTaaS), ‘SOC As a Service’ (SaaS or SOCaaS); the examples are seemingly endless.
As the examples show, the ‘As A Service’ term has most recently been ported to the Cybersecurity world, taken from the ‘Cloud computing’ approach of modern product delivery models where we see ‘Software As a Service’ (SaaS), ‘Infrastructure As a Service’ (IaaS) and ‘Platform As a Service’ (PaaS or PFaaS) as stalwarts of many enterprises’ technical architectures.
But what does ‘As a Service’ mean? In essence it is the delivery of a given service by a vendor, typically ‘over the internet’ and fronted by a platform or portal. Consumers of the service effectively buy into the vendor’s delivery model and benefit by dispensing with the need to do anything other than consume the service output. In some instances, consumers can support or tailor the service via elements they are permitted to control, such as the aspects that can be built on top of said service – think of Amazon Web Services (and their suite of products) as an example. The ‘As a Service’ vendor efficiently and reliably provides a service capability (for example Pen Testing or Red Teaming in the cybersecurity context) that includes all resources – people, processes and technology – necessary to support its delivery to a client, usually within contracted SLAs.
The capability being delivered ‘As a Service’ is typically fronted by a control pane (portal or platform) where clients are able to define, tailor and consume the capability.
Still confused? We feel your pain. ‘As a Service’ is really the modernisation of a traditional service delivery model that seeks to remove the need to in-house certain aspects of your business operations whilst leveraging vendor’s specialisms, efficiencies and enhanced availability in order to allow you to focus on what you do best: providing your own set of services and/or products to your clients.
It is increasingly common for ‘As A Service’ vendors to use other ‘As a Service’ providers to support their own ‘As a Service’ delivery – and this has never been more true than in the world of Software As a Service enterprises, whose offerings evolve at great pace and as a result require frequent security validation.
At CovertSwarm, we break the mould of traditional Cyber ‘As a Service’ delivery by having BOTH a portal (our Offensive Operations Centre) that our clients use to access and direct our specialist Cyber capabilities, AND brilliant people who deliver those capabilities – all of whom strive to provide a unique and constant cyber attack and R&D service. Our key differentiator is that we structure our teams of cyber professionals into ‘Hives’ that can be made to swarm around your organisation, relentlessly ‘stinging’ your newest – previously unknown – cyber vulnerabilities either autonomously, or via client guidance.
CovertSwarm constantly run cyber attacks against you using approaches similar to those of malicious threat actors, such as Advanced Persistent Threats (APTs) and state-sponsored threat actors.
This is true ‘Cybersecurity As a Service’ – intelligent, relevant, tailored and constantly adding value. Taking the best aspects of ‘PenTest As a Service’ and ‘Red Team As a Service’, CovertSwarm modernises these approaches by removing the cyber risk gap that they leave behind and between their ad-hoc engagements.
Finally, we’d like to leave you with something to think about – have you outsourced your cyber defences to a Security Operations Centre (‘SOC As a Service’) or taken the large step to invest in an in-house SOC? Having taken the plunge, how do you prove an ROI, or whether they are constantly ‘ready’ to defend against the latest attack?
Contact CovertSwarm and let us demonstrate how we can help prove that your defences are active, effective and delivering value. Every day.