March 23, 2022

Last Updated on January 4, 2024

If you haven’t heard the term “security infrastructure as a service,” read on because it has a disruptively bright future. Among the very first to operationalize this concept is LimaCharlie.

On a recent episode of The Virtual CISO Podcast, LimaCharlie founder Maxime Lamothe-Brassard shares the company’s “AWS for Security” business/technology model, including how the platform readily assimilates new use cases.

All about infrastructure

“We want to be an infrastructure company,” says Maxime. “We work with a ton of MSPs and MSSPs, so we want to focus on where we bring the most value, and where our users bring the most value. We don’t ever want to be in competition with our own users.”

That means developing integrations and creating toolkits to help others build what they want to use or productize versus building full-bore “solutions.”

Maxime also shares two significant focus areas for LimaCharlie: making the platform easier to use with a low-code approach and augmenting their current toolkit to address the most significant pain points they hear about from customers.

“We’ve had a lot of requests around things like inventory and configuration management,” Maxime reveals. “So, having the ability to build models about your endpoints, like, ‘What’s the patching status?’ You can get the patching status today, but there are layers that we can introduce to make it easier for people to reason about who’s missing this patch and provide those insights.”

Can’t stop this one-stop-shop

There are few limits once a security team starts proficiently using the LimaCharlie toolkit. As podcast host John Verry notes, the platform can potentially address a huge range of security and compliance needs in a seamlessly simple and cost-effective way… once you get used to the whole idea.

“If LimaCharlie can read exactly what’s on a box, you could do configuration benchmarking, right? Tell me if I’m aligned with CIS benchmarks or DISA STIGS. Everybody runs Nessus scans in their environment, or Qualys scans, or some other scanner. Why do I need to run a vulnerability scan if I’m already sitting in a box? Why can’t LimaCharlie just, through your agent, tell me, ‘Hey, this box has a CVE on it.’ Then you could do the automated patching (in theory), right?”

In the end, the “AWS for security” model could reduce multi-vendor complexity. Many SMBs struggle to address the care and feeding of a multi-vendor security stack. With LimaCharlie, you could potentially run XDR, vulnerability scanning, patching, and other capabilities from a common interface. This could simplify training, cut costs and streamline administrative tasks.

What’s next?

Ready to catch the complete podcast with LimaCharlie founder Maxime Lamothe-Brassard? Click here.

How do SaaS security firms “do” security? Here’s a window onto the state of the art: EP#73 – Mark Richman – Why Cloud Is More Secure Than Your Average On-Prem Solution