Introducing TheHive Cloud Platform

StrangeBee is pleased to announce the availability of TheHive Cloud Platform. You can now rely on the experts building TheHive and Cortex to operate them for you. Focus on the fun part of incident response and leave the boring ops to us!

It all started from customer feedback

Since StrangeBee started offering support contracts and professional services for TheHive and Cortex, many requests have focused on technical operations. More so than on the functional aspects of the products. So we started asking our customers: “would you rather have us operate the products on your behalf”? To which we got a mixed bag of answers ranging from “we’d love to, but our management won’t allow it [yet]” to “yes please”.

The common trend from this feedback was that most security teams we talked to would welcome sharing the operational burden, to varying degrees. Very few showed deep fondness for operations, since it’s usually time taken off responding to incidents or threat hunting (a.k.a. their real job ;-)).

Different shades of shared responsibilities

The big picture thus looked like this: given the choice, many of our customers would use TheHive and Cortex as a fully managed service. But cloud adoption strategies strongly vary, so this option is not on the table for everyone. However, many have started their cloud journey and are now able to use managed images, which allows sharing some responsibilities.

This is why we built the cloud offerings with both IaaS and SaaS products in mind. We started publishing AWS and Azure images earlier this year and more will come soon. For instance, we are working hard to make TheHive and Cortex available on other cloud marketplaces, such as Outscale.

IaaS images already offload a big chunk of the operational complexity. Launching the image just works. Updating TheHive or Cortex is as simple as replacing your instance with a fresh image. But you still need to operate and secure your cloud infrastructure. Managing IaaS instances is not a zero-ops job, even when using managed images.

Enters the true turnkey solution

With our SaaS offer, TheHive Cloud Platform, you get fully managed TheHive and Cortex instances running on the AWS region of your choice. It is sized and priced to meet the requirements of most organizations. All you have to do is log in and start responding to incidents. It’s secured, always up-to-date and fully supported. We can even help you move your existing TheHive data to the cloud so you can resume your investigations right where you left them.

We designed the service with hands-on experience on the products (obviously) but also from spending hundreds of hours assisting our customers in setting up and operating their incident response environment. Knowing how to use your own products is one thing, knowing how your customers are actually using them is much better! Initial user feedback is very positive, we are confident it will fit your team like a glove right from the start.

In summary

Here is a comparison of the responsibility sharing when deploying on-prem, using our IaaS images (AWS, Azure) or SaaS service:

We understand and respect that every organization has its own cloud adoption strategy and that some will prefer to stay on the ground for the time being. Rest assured that we will keep supporting on-prem deployments both with support contracts and professional services. And whenever you are ready, you can count on us to be on your side for your IaaS or SaaS transition.

To get started or to find out more about TheHive Cloud Platform, please visit https://www.strangebee.com/thehive-cloud-platform/