MSSP Federation Vs Multitenancy
A Modern Approach to Multi-Tenancy
In the world of Managed Security Services, Multi-Tenancy is often the default approach to managing the
security of multiple subscribers. However, like most things in IT, the default approach is rarely the right
choice. Multi-Tenancy has a number of technology disadvantages and also creates an unpredictable
business model for most MSSPs.
A better approach is Federation, which delivers the same functionality as Multi-Tenancy without the
technical and business limitations. AlienVault Federation treats each site as its own autonomous monitoring
instance via the on-premise deployment that communicates with the Federation server. To understand the
technical and business benefits of AlienVault Federation over Multi-Tenancy, we will discuss several facets,
including:
›› Cost
›› Quality of Service
›› Deployment Flexibility
›› Reliability
›› Data Management
›› Privacy / Compliance
SOLUTION BRIEF
Cost
Cost is always a major consideration in delivering any managed service, with the need to minimize both
your up-front and ongoing costs as your subscriber base grows. A Multi-Tenant approach requires you
to incur significant up-front equipment costs because of the cost model of Multi-Tenancy; regardless of
the number of subscribers, you need to invest in a long list of equipment and services: server hardware,
network hardware, cabling, license cost, HVAC, and so forth. This model repeats itself as you grow and you
approach the capacity limits of your software licenses and / or hardware, requiring you to invest in another
round of infrastructure spending.
A significant challenge with Multi-Tenancy is that if you build out your infrastructure too far in advance
of your subscriber base, you’ve invested in unnecessary capacity. At the same time, if you don’t build
out sufficient capacity to meet demand as you grow, you are limiting sales and potentially degrading
user experience by being unable to scale quickly. In other words, Multi-Tenancy requires very accurate
forecasting of infrastructure requirements to avoid unnecessary CapEx and OpEx. Even with years
of experience, your forecast will be a guess at best because your potential subscribers’ needs and
environments differ greatly.
With AlienVault Federation, you gain cost predictability with a lower up-front fixed cost because of a single
Federation server’s capacity to support hundreds of subscribers. This cost model allows you to maximize
ARPU (Average Revenue Per User) by scaling quickly to support a growing subscriber base while minimizing
costs. The Federated approach also relieves the pressure to accurately forecast your subscriber profile.
It allows you to add subscribers of any size or architecture, meaning you can size and scope each project
without having to accurately predict every new subscriber’s requirements.
Quality of Service
In a Multi-Tenant environment, subscribers share computing resources, which can be both a benefit and
a disadvantage to you as the service provider. The benefit is that shared computing resources lower your
costs. The disadvantage is that, if one subscriber decides to add new logging sources or experiences a DoS
attack, all of the other subscribers in this shared environment will suffer.
Multi-Tenancy makes your environment a potential single point of failure. Since your Multi-Tenant
infrastructure is responsible for threat detection and analysis of all your customers, if you experience a
service interruption so will all your customers. Event processing stops, risk assessment stops and any type
of alerting you may have stops. The ability to deliver accurate threat information is the core of any MSSP
service, and using Multi-Tenancy adds significant risk to the delivery and awareness of that critical threat
information.
With Federation, problems experienced by one subscriber remain isolated to that subscriber, allowing
you to maintain a high QoS (Quality of Service) with your other subscribers. Because the Federated
architecture involves an on-premise deployment of a monitoring server that communicates with the
Federation server in your SOC (Security Operations Center), each site serves as its own autonomous
monitoring instance. Even if the link between you and your subscriber goes down, the device deployed
locally at the subscriber’s site is still monitoring the network and producing events/alarms. Importantly, you as
the MSSP have the ability to log into each on-premise device and manage the subscriber’s security controls
remotely, even if the Federation server is unavailable.
Deployment Flexibility
Deployment flexibility is an important consideration when choosing the
infrastructure to support your managed service. Multi-Tenant models are often
limited to only one or two choices (e.g., on-premise hardware appliance or cloud
virtual appliance).
Reliability
MSSPs are highly sensitive to downtime, as any lack of availability or downtime
has specific, measurable costs. With Multi-Tenancy, several services must
operate with a high degree of uptime for you to achieve your SLAs (Service Level
Agreements). Unfortunately, you may not have control over some services, such
as data links between sites.
Data Management
Managing the security of a single environment is always a challenge as you are constantly inundated with
events, alarms, false positives, and more. Tracking and prioritizing multiple environments’ security events
and alarms is a frustrating exercise, especially when the monitoring solution is not designed to work in this
type of architecture.
Unfortunately, Multi-Tenancy can add to that frustration at the management level and make your job even
more difficult. Keeping track of what alarms belong to which subscriber and which subscriber has access to
what assets can distract you from focusing on the task at hand: securing your subscribers’ environments.
Also, with a Multi-Tenant approach, you have to worry about subscriber cross-contamination or leakage of
data. This can be due to misconfiguration of the software and/or hardware, data tagged incorrectly, or even
product malfunctions at the UI level.
In the AlienVault Federated model, since each subscriber has their own dedicated server and database, the
chance of any accidental data leakage is virtually non-existent. Federation eliminates the need to manage
different subscribers’ data, and allows you to deliver the managed security your customers expect.
AlienVault Federation enables you to isolate the data in countries with strict data privacy/data handling laws.
With the ability to house and analyze all data locally, you can monitor the site(s) remotely without sending
sensitive data outside of that environment/country.
Co-Managed Services
Co-Managed Services are a growing trend in the MSSP industry. Subscribers are looking for ways to have
some continued oversight into their deployment and security posture, and to be able to run reports on
demand. To offer this service with a Multi-Tenant architecture, you would be required to grant access to your
environment and write custom “portals” for your subscribers to use, putting your environment at higher risk
of compromise.
With AlienVault Federation, you can grant a subscriber limited access to their on-premise deployment to
achieve the same functionality. No portals, no custom code, and no risk to your environment.
›› Cost - The low start-up cost model of the AlienVault USM Federated architecture enables you to minimize
your costs while growing your subscriber base.
›› Quality of Service - AlienVault’s Federated architecture is designed to isolate issues affecting one of
your subscribers and prevent them from affecting the QoS delivered to the rest of your subscribers.
›› Deployment Flexibility - AlienVault USM gives you the ability to offer your subscribers the solution they need
to monitor their unique environment.
›› Reliability - The AlienVault USM platform is designed to support a Federated architecture and deliver
advanced threat detection, even when the Federation Server in your SOC is unavailable.
›› Data Management - With each subscriber having their own dedicated server and database, the chance of
any accidental data leakage under the AlienVault Federation model is virtually non-existent.
›› Data Privacy / Compliance - AlienVault’s Federated architecture gives you the ability to manage subscribers’
networks across international boundaries without violating data privacy laws.
With AlienVault USM deployed in a Federated architecture, you can provide an exceptional managed security
solution at a competitive cost. AlienVault USM accelerates and simplifies the complicated task of monitoring the
security of your subscriber’s environment.
About AlienVault
AlienVault’s mission is to enable organizations with limited resources to accelerate
and simplify their ability to detect and respond to the growing landscape of
cyber threats. Our Unified Security Management (USM) platform provides all of
the essential security controls required for complete security visibility, and is
designed to enable any IT or security practitioner to benefit from results on day
one. Powered by threat intelligence from AlienVault Labs and the AlienVault Open
Threat Exchange—the world’s largest crowd-sourced threat intelligence network—
AlienVault USM delivers a unified, simple and affordable solution for threat
detection, incident response and compliance management. AlienVault is a privately
held company headquartered in Silicon Valley and backed by Trident Capital,
Kleiner Perkins Caufield & Byers, Institutional Venture Partners, GGV Capital, Intel
Capital, Jackson Square Ventures, Adara Venture Partners, Top Tier Capital and
Correlation Ventures.