Overview
The Distributed deployment model for MSSPs provides a tailored solution for customers who prefer to maintain their security data within their own environments. Unlike the Consolidated architecture, in the Distributed model, each customer has its own dedicated SIRP appliance, ensuring data sovereignty and addressing concerns related to data transfer to external cloud environments.
βKey Components
Dedicated Customer Appliances:
βThe Distributed architecture assigns a dedicated SIRP appliance to each customer/tenant. This approach ensures that each customer maintains control and ownership of their security data within their environment, addressing concerns related to data privacy and sovereignty.
All the data resides on this customer appliance, all the integrations and automation happen locally within this appliance, all the SOC analysts use this appliance, and the same appliance acts as a customer access portal as well.
Master Node:
In the Distributed architecture, every MSSP also gets a Master node. This is a SIRP appliance that acts as the central hub to access all customer instances. This master node acts as an SSO (Single Sign On) appliance and streamlines the authentication process across different tenant appliances. This process consequently eliminates the need for repetitive logins across different customer appliances.Furthermore, the master node facilitates access control mechanisms, allowing analysts to access specific tenant environments based on predefined permissions.
You also get an option to monitor the "Connectivity" state of each appliance on the dashboard.
βSecure Connectivity
SIRP leverages MSSP's existing connectivity options with the customers to pull and push data from/to the customer environment. This is typically done through site-to-site VPN.
Benefits
Enhanced Data Sovereignty: By providing dedicated customer appliances, the Distributed architecture ensures that each customer maintains sovereignty and control over their security data within their environment.
Streamlined Authentication: The master node simplifies authentication processes for analysts, eliminating the need for repetitive login credentials across different customer appliances.
Granular Access Control: The Distributed architecture offers enhanced access control mechanisms, allowing MSSPs to define specific roles and permissions for analysts accessing tenant environments.
Tailored Solution for Large Environments: This architecture caters to customers with substantial security operations environments, offering a customized solution that meets their specific requirements and preferences.
β
Conclusion
The Distributed deployment model offers a tailored solution for MSSPs and customers who prioritize data sovereignty and control within their own environments. By assigning dedicated customer appliances and implementing a master node for centralized management, this architecture ensures enhanced security, streamlined operations, and flexibility for large-scale security environments.
For cases where the customer is flexible in terms of data management, the Consolidated Deployment Architecture is proposed.