Rackspace is debuting new Managed Security and Compliance Assistance services today in a bid to help improve its customers' security.
"Rackspace has always had a focus on security, but we used to draw a line, where our customers were responsible for implementing security solutions on their own after a certain point," Perry Robinson, vice president and general manager of Managed Security at Rackspace, told eWEEK. "We have strong security around the data center and our operations, but we left it up to customers to protect their own environments."
Robinson said that organizations have been asking for more help in security, which is why Rackspace is now launching the managed security services. The services package together Rackspace's hosting with security.
Jarret Raim, head of Strategy and Operations, Managed Security at Rackspace, explained that from a technology perspective, Rackspace is using a triple stack that includes host- and network-based protection platforms as well as security analytics. A primary goal of the stack is to help reduce the time it takes to detect and then remediate an infection or security breach incident.
Rackspace is partnering with multiple security vendors as part of its triple stack. The Falcon platform from CrowdStrike (which recently closed a Series C round of funding, bringing in $100 million) is being used for the host-based security, Raim said. Log management is done via a partnership with Alert Logic. And on the network side, Rackspace uses tools from several vendors, including LogRhythm and AlienVault.
One thing that isn't part of the base managed security package is Web Application Firewall (WAF) technology. That said, Raim noted that Rackspace has additional security components that customers can add to their service as needed. Distributed denial of service (DDoS) is another optional capability that Rackspace has available for customers, by way of partnerships with Arbor Networks, Akamai, Incapsula and CloudFlare.
The other new service is Rackspace Compliance Assistance, used to determine and identify when an organization deviates from the baseline.
"The technology is real-time monitoring of compliance issues on customer hosts," Raim explained. "So we look to see if a host is in compliance, and if it slides out of compliance we will know in a short timeframe."
The overall goal of the Compliance Assistance service is to help improve the security posture of customers. Raim emphasized that security isn't just about always trying to prevent 100 percent of all attacks. Rather it's also about being able to respond quickly when security incidents do occur.
"The Compliance Assistance effort is about making it harder for an attacker to get into an environment in the first place," Raim said. "It's about making it more difficult and costly for an attacker to mount an attack against a business."
While Rackspace is now providing more security capabilities to its customers, one key element that isn't provided is a guarantee that they won't get breached. The idea of security guarantees is a new one and is offered by WhiteHat Security, which will refund a customer if they are hacked and pay up to $500,000 in breach-related costs.
Robinson said that Rackspace is not getting into the breach insurance marketplace, though he noted that it will provide its customers with guidance on insurance policies.
"We can help to reduce the chance of a cyber-attack, and we can help to respond to an attack more rapidly, but we can't make a commitment to keep bad things from happening altogether," Robinson said.
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.