Dell SecureWorks

The company I work for has used SecureWorks before I started. I really never realized how much they are doing.

Here is a short description form Wiki.

SecureWorks was founded as a privately held company in 1998 by Michael Pearson and Joan Wilbanks. In 2002 Michael R. Cote became President and CEO. In 2005, and again in 2006, the company was named to the Inc. 500 and Inc. 5000 lists (2005, 2006) and Deloitte’s Fast 500.

In 2006, SecureWorks merged with LURHQ Corporation and the new entity continued under the SecureWorks corporate name. LURHQ, which was founded in 1996 in Myrtle Beach, SC and provided managed security services to large enterprises, had similar company cultures and leadership to SecureWorks. According to Gartner, the merger created a stronger company. With the merger, SecureWorks was able to leverage Sherlock, LURHQ’s portal, to unify its combined customer base onto a single integrated security management platform.

In 2009, SecureWorks acquired the Managed Security Services (MSS) business from VeriSign, Inc., a trusted provider of Internet infrastructure services for the networked world, and grew to more than 500 employees worldwide. The acquisition expanded its clients to approximately 2,600 in more than 50 countries, including the United Kingdom, Saudi Arabia, Taiwan, Finland, Spain, Brazil and Mexico. This includes four of the Fortune 10. Also in 2009, SecureWorks acquired the then 10-year-old dns Limited. This acquisition expanded SecureWorks’ operation to include a UK-based operations center and additional offices in London and Edinburgh.

On January 4, 2011, Dell announced that it would acquire SecureWorks to be part of Dell Services. Dell SecureWorks officially began operating as a Dell subsidiary on February 7, 2011.

As you can see SecureWorks has been around for a while. Even after the acquisition from Dell SecureWorks has still impressed me.

Here is a screenshot of the SecureWorks Dashboard.

From here I can track the tickets. We also have what we call a chain of command. If SecureWorks detects a threat, they send and email to the IT mailbox.  If someone has not answered the ticket on the portal/dashboard in 10 minutes they will start calling the chain of command. First is the main IT line. Second is the managers cell phone. Third is the lead system administrator. If they do not get an answer or a response they will try again every 20 minutes until someone can be reacted.  This can be a great benefit if you do not have an IT staff of 50 or more.  I truly believe that our network should have been breached by now. I strongly believe that SecureWorks is the reason we have not been in the news.

So let me break down how the iSensor works.

The iSensor is controlled by SecureWorks. They configure the hardware server and Linux OS at their facilities.  They then ship the server to the client.  When you access the server there is a Menu screen.  It allows you to reboot the iSensor and setup the External IP address. This allow SecureWorks to completely control the traffic without a local users making unauthorized changes.

Image taken from Dells Website here.

As you can see it is a pass-through device. It will monitor all incoming and outgoing traffic.  They make a similar device that can be installed between your firewall and the rest of the network.

Here is a short story on our experience.

We had a client that brought a business laptop to our department.  This laptop was infected. I will leave it there.  The tech did everything they could think of to clean the device.  Once they thought the device was clean, they put it onto our corporate network to run updates. It was no more than 3 minutes and we had a call from SecureWorks. They said there was a machine on the network that was trying to access the internet with a known signature. We unplugged the device and SecureWorks confirmed that the traffic had stopped.

Conclusion

If you are looking for a way to keep your network save from the outside attackers you might want to give Dell SecureWorks a call.  I have no complaints.