Secure Channel, Ziff Davis Enterprise
Tuesday, June 08, 2010 10:18 AM/EST

Vigilant: One Smart Security Service Provider


We operate in an industry that praises innovation - the art of advancing technology concepts to marketable products and services. But sometimes smart is equally - if not more - important than innovation. And when I recently met Alison Andrews, the CEO of security service provider Vigilant, the only thought I had was here's a smart company with a smart leader.

Vigilant is not your typical managed security services company. Rather than offering an array of vendor-branded and repackaged security services, Vigilant specializes in delivering security information/event management (SIEM) as a service. It's not a revolutionary concept, and several MSSPs are delivering SIEM as a service. Vigilant is different for two reasons: the way it delivers this service and its plans for future growth.

Like other SIEM service providers, Vigilant is agnostic from a technology perspective. It resells appliances and applications by leading SIEM vendors, including ArcSight, Imperva, Novell, Q1 Labs and NitroSecurity, to name a few. It integrates those applications and appliances into a central security operations center that monitors activities, issues alerts and, if necessary, takes remedial action on behalf of clients. To this point, it's pretty standard stuff.

Here's where things deviate from the norm. Because Vigilant specializes exclusively in SIEM management, it's developed several tools and security frameworks for optimizing service delivery. This is pretty unique given that it's taken much of the company's working capital and cash flow to invest in these advanced capabilities.

Vigilant's Fulcrum Framework is a unique set of best practices, use cases and templates for maximizing the potential of SIEM technology. SIEM products come out of the box with a template for aggregating security events into actionable items. What Vigilant did with Fulcrum is fine-tune SIEM practices for specific instances, such as financial services firms and payment processing systems. Fulcrum is mapped to common regulatory and security standards such as Sarbanes-Oxley, HIPAA, PCI-DSS and ISO 27002. Vigilant has even developed modules for obscure and industry-specific regulations such as NERC/FERC, which governs energy and utility systems.

Frameworks alone don't really make a difference, since there is no real unifying standard in standards. This is where Vigilant really got smart. It reconciled these frameworks and created a system called “Fusion” that determines their applicability in specific customer environments. The number of applicable items became the benchmark through which an organization's security posture is measured. Vigilant built a custom dashboard through which its customers can check their standing at any given moment. In essence, Vigilant has transformed SIEM from an aggregation and management tool to a measurement and compliance tool with real relevancy to the business.

As Andrews explained to me, Vigilant wanted to ensure that its customers had the most transparency in both their security posture and the effectiveness of their security efforts. That's a rare combination. But Vigilant's system is also designed for scale. Its customers don't have to adopt the full deployment at once. Rather, they can buy and develop their SIEM program over time, measuring performance and adding capabilities. “You started by developing a credible system to see how you play over time,” Andrews explained.

How effective and promising is the Vigilant model? Frost & Sullivan awarded Vigilant its 2010 North America Product Differentiation Excellence Award in the Managed Security Service Providers Market category. “This award is an influential recognition of Vigilant's deep bench of SIEM expertise, and their innovative, scalable model for delivering SIEM best practices, combined with a high degree of customization, through a managed service model,” said Frost & Sullivan analyst Martha Vazquez. That's no small praise.

At the beginning of this post, I said the other thing that distinguishes Vigilant is its plan. Andrews says with complete confidence that the company will continue to grow its capabilities and customer base by focusing on what it does best: SIEM. Well, for the most part anyway. Vigilant does dabble in data loss prevention and governance/regulatory compliance, too, but its core is purely SIEM and its focus is in the financial services and highly regulated industries.

Other managed service providers could learn from how Vigilant invests in its own intellectual property and tools, works with leading vendors, and builds products and services that provide measurable value to its customers. It's not innovative, it's just plain smart.


Comments (2)

Managed SIEM is to me just an evolution of the alert aggregation and logging that MSSPs have been doing since the days of Riptech, Counterpane, and ISS. I am keeping an eye on the MSSPs that have moved beyond the logging and alerting to complete outsourced security. One call and your network security is taken care of. These MSSP 2.0 vendors deploy UTM devices, host email, manage VPNs and networks and wrap it up in a great management interface for reporting and trouble ticket chasing.

I believe customers don't need better alerting, they need better protection.

-Stiennon

Richard, I couldn't agree with you more, but that was also the promise of the early MSSPs, too, and they relied on some hybrid of on-premise agents that were monitored remotely. Back then, even the alerting was often handled locally by the on-prem team.

As I look at managed SIEM like Vigilant and FishNet, they're not just making sense of the chaos produced by firewall logs and IDS/IPS, but adding intelligence. The defining difference with Vigilant, which I thought was smart, is their system that gives enterprises a sense of their security progress and posture based on refined SIEM intelligence.
