Fortra’s Alert Logic is a rich amalgamation of security researchers, analysts, and technical specialists. They work together to prevent and deal with the most significant cybersecurity threats out there. Part of our 24/7 managed detection and response (MDR) service is to ensure customers maximize their service adoption, acting on the security insights we provide and can communicate the business value that comes with strong security posture. This is where our customer success teams come in — teams that can translate dense, critical information to anyone, and connect customers with the right technical experts to solve complex issues.
I wanted to dig further into customer success management (CSM) with two people who support our customers at both ends of the spectrum. Brett Misselbrook, Alert Logic’s principal CSM, is the caretaker of some of the largest European multinationals with large attack surfaces and hybrid environments. Meanwhile, strategic value manager Jon Nightingale looks after smaller organizations with a smaller IT footprint and their own security concerns. Here’s what I learned during a during a fascinating conversation I moderated in another edition of our webinar series, Inside Alert Logic’s SOC.
The CSM Finds the Right Answers from Those Who Know Best
All our customers have some form of relationship with our security analysts, whether that’s from the deployment and tuning phase, or responding to critical security incidents if they arise. Customers who subscribe to our designated analyst optional add on also have a direct security relationship with a named analyst who interacts regularly to become an extension of their own security or IT team.
Both types of customers also are assigned an operational point of contact whose primary goal is to optimize the working relationship between our security professionals and the customer. The Customer Success team uses their knowledge of Alert Logic with customer business context and requirements to point stakeholders to what the need to see — a clear, simple impression of service adoption, deployment health issues, customer security posture, security value, evolving security concerns and the people who can solve them.
Jon — who’s been with us for seven years now — says that “We’re trying to be as proactive as we can with customers, picking holes and understanding if there are any gaps — ultimately a two-way conversation for the best return on their contract.” By listening to our clients and suggesting what they can do to improve their security posture, he finds a solution that’s as comprehensive as it needs to be. “Typically, customers have a myriad of questions, and part of our work is bringing in the right people to answer them, whether they’re from SOC or our accounting or marketing departments.”
Brett emphasizes that cutting things to size is key: “Since we’re inherently a complex business with a multitude of disciplines, much of what we’re trying to achieve is ensuring that it doesn’t intrude into the customer space. We make sure these parts are efficient for the customer as well.”
Therefore, you can think of customer success managers as true champions who address an organization’s queries and requirements, solving the issues they are equipped for and otherwise connecting you to the right subject matter experts, who are ready and waiting to take action.
Mature Security Has Reports to Match
In 2022, we launched a program to translate our ongoing work more easily. It’s called the service/security value report (SVR), which includes a downloadable report from the console showcasing an organizations risk and threat metrics over time, with a regular session with the assigned CSM who walks the clients through their entire maturation journey and advises on the next security priorities. SVRs allow anyone — regardless of their technical background — to understand their cyber environment and everything we do to secure it.
Brett reminded me that, “For larger enterprises, what’s true today in network configuration and architecture isn’t necessarily true tomorrow. It takes a lot of time and energy to keep track of those environments.” Our reports demonstrate how effective certain solutions have been from one month to the next. Not only is this useful for your peace of mind, but it also helps enterprise customers justify security investments to other stakeholders who keep an eye on their budget.
Additionally, SVRs act as checkpoints for intermittent service reviews. Customers can’t see many of our deployments, so they might merely equate value to the incidents that get escalated, rather than those we stamp out before they escalate. That perception creates a false understanding of security value. Yes, us detecting and responding to an incident is valuable. But it’s even better if we mitigate risk earlier on in the chain, so that it never progresses to an incident. Jon explains that he highlights certain defenses in these reviews, such as whether deployments are healthy, meaning we have the visibility we need, or how our security research evolves for threats “in the big, bad world.”
Technical Translations Never Dry Up
I personally know how tough it can be to communicate what we do behind the scenes. A client called me once and asked why they were paying us as there hadn’t been a critical incident in three months! But that’s somewhat oxymoronic. You don’t want to experience a critical incident — it means we’re doing our job well. Security value is much easier to grasp when you’ve been down into the depths of an ongoing compromise investigation and come out the other side, remediated and operational again. Our job is to help users understand the value of every security control or task they undertake.
Jon appreciates the challenge of disseminating information like this. He shared that, “For higher profile issues, like emerging threats, we have a very defined process. Yet, for non-rockstar developments, we’re performing daily tweaks and ensuring that when the next big threat hits, chances are we have the right protections in place.”
Both Brett and Jon must be able to talk to people through the stakeholder chain, from operational staff to executive managers, explaining how our background activities support their strategy. They discuss plans for the year ahead: cost implications, consolidation opportunities, and how we provide more value as organizations scale up.
Many Customers Don’t Take Advantage of Features — Until We Show Them
Since our CSMs and SVRs typically evaluate the tools we use and their capacity for round-the-clock threat prevention, we’re able to answer an important question. Are customers truly capitalizing on everything they have through an Alert Logic contract?
“It’s interesting,” Brett muses, “to see the shift amongst these businesses, when they’ve realized they can incorporate more of those functions, if you will, within the Alert Logic platform. There’s a huge amount of benefit to gain.” Our reports contain a special utilization page that lists various features and whether they are leveraged, essentially saying, Here’s what you’re paying for. Shall we switch on more of it? For example, Alert Logic is PCI-approved and can perform vulnerability scans without requiring another third party, our agent also has a file integrity monitoring (FIM) function. “Activating additional capabilities in the plan you have, rather than paying twice for the same thing, just makes sense.”
These conversations are even more beneficial for smaller companies undergoing a merger — Jon’s specialty. “If you have a couple of guys running the show,” he explains, “they can lose track of everything they can utilize.” So, our customer success managers tease out extra layers of prevention and detection, spotlighting the farthest reaches of what we can offer on a single retainer.
This is not about looking to upsell customers on features. We bundle the necessary features into three simple tiers and want to ensure customers take advantage of them wherever possible. Maximizing coverage and adoption — maximizes security outcomes, which is the driving factor behind every function of our MDR experts.
Ready to learn more about Alert Logic’s CSM and our MDR solution. Chat to an expert about your own cybersecurity demands or learn more about what goes on inside our SOC by signing up for future editions of the series.