Cysiv delivers SOC-as-a-service with help from SADA and Google Cloud



With help from SADA and Google Cloud, Cysiv learned how to increase scale, lower costs, and redesign areas of their architecture for improved services.



Software & Technology


30% of business leads from SADA


Up to 3.8M security events/second

No one would ever believe that a hacked parking meter could lead to a corporate data breach. However, it did happen. Security company Cysiv saw it with their own eyes when an electronic parking meter with an unpatched OS made an entire company network subject to cyber attack. 

“The company with the susceptible meter had a backdoor installed,” said Justin Foster, CTO and Co-Founder at Cysiv, a security operations center-as-a-service (SOCaaS) provider. “They were victimized because a PC-based parking meter running an older version of Windows was hooked up to their network.”

Fortunately, Cysiv’s 24/7 SOCaaS service reduces these kinds of cyber risks by accelerating and improving threat detection, investigation, and response across on-prem, remote, and multi-cloud IT environments. Cysiv combines its cloud-native and data-science- and automation-driven next-gen SIEM platform with vendor-agnostic data support, comprehensive cyber intel, and remote experts—including data scientists, data engineers, security analysts, threat hunters, and researchers—who operate as a seamless extension to IT/security teams. 

“We find these hidden threats in the network environment and provide fast remediation,” said Foster. “In the case of the parking meter, it hadn’t been upgraded for a while and someone on their network injected a backdoor. There it sat, listening to network traffic and sending that information to the cloud. We were able to trace the backdoor to the meter and put a stop to it.”

Business challenge

With cloud platforms becoming more attainable and secure, Cysiv thought it was only logical to start their security information and event management (SIEM) solution in the cloud. With their plan calling for co-managing the SIEM with their customers in a shared analyst model, they needed a cloud solution that supported multi-tenancy. Multi-tenancy would enable Cysiv to build their SOCaaS solution on top of the SIEM and support human experts at their SOCs and the customers’ SOCs working from the same security data. 

Additionally, Cysiv needed reliability, global connectivity, and managed storage and compute for their cloud-native architecture. For mission-critical workloads, Cysiv must have 99.95% uptime availability, a highly scalable platform, and very responsive, high-quality support. Cysiv also needed a partner to consult on cloud computing issues before opening tickets.

As a startup scaling their business activity, they wanted that same partner to support their sales motions with go-to-market activities including co-selling and co-marketing support.


When they started evaluating solutions for setting up their SIEM cloud platform, Cysiv initially looked at three leading cloud computing providers. After comparing the various options of each provider, they determined Google Cloud Platform (GCP) would best fit their needs.

“We decided on Google Cloud because of better pricing and open-source solutions such as Google Kubernetes Engine (GKE),” said Foster. “It was just more appealing to us.”

To deploy Cysiv Command, the company’s SOC technology platform, they built it on top of GCP to take advantage of multi-tenant GKE and BigQuery, Google Cloud’s serverless multi-cloud data warehouse. Cysiv Command combines a SIEM with other SOC functions into a unified SaaS solution. The company also planned to operate in multiple regions and required GCP’s global connectivity and local points of presence (POPs) in those regions.

“In 2017, there was no managed Kubernetes in other cloud environments, so it was clear that if we wanted managed services, Google Cloud was the way to go,” said Foster.

“Google Cloud enabled us to build Cysiv Command without any virtual machines and to containerize and use native functions. As we evolve our technology, we’re considering new Google Cloud components to make changes to the architecture with the help of our partner SADA. Their Technical Account Managers (TAMs) engage the associated component subject matter experts (SMEs) at Google Cloud and then make their recommendations about how we should move forward.” 

Justin Foster | CTO and Co-Founder at Cysiv

Additionally, SADA helps Cysiv receive the most value from their GCP usage by checking if their current microservices could be replaced with more scalable and cost-effective GCP options. SADA also provides technical feedback to Cysiv before they file support tickets. “We see value in being able to talk to someone at SADA about our options for maintaining and upgrading our platform,” said Foster. “SADA’s cloud specialists are always available to provide roadmap updates and share their GCP architecture knowledge and advice.” 

‘Win-win’ partnership 

In addition to their technology partnership, Cysiv and SADA work together on the business front. With the 2021 launch of SADA’s SaaS Alliance Program, ISVs and SaaS companies that run on Google Cloud, such as Cysiv, have been able to take advantage of the go-to-market support and strategic planning and co-selling opportunities that exist between SADA and Google Cloud. 

“The co-sell program played a major role in our commitment to SADA and Google Cloud,” said Foster. “Cysiv gets direct account referrals from both SADA and Google Cloud. We’re already receiving customer referrals through SADA’s security assessment program when there’s a gap for monitoring. That’s a great win-win relationship.”

SADA provides a dedicated Alliance Account Manager and sales representative to support co-sell motions with SaaS Alliance partners and help customers scale their business.

“Just walking into an opportunity together with SADA or Google Cloud lends so much credence and credibility to our SOCaaS solution,” said Foster. “It gives us that little extra bit of sheen on our reputation.”


Within months, Cysiv was able to build and launch their Cysiv Command SOCaaS solution as a full-scale offering on Google Cloud. Cysiv streamlined development with the fully managed services available in GKE and BigQuery and saved costs with global GCP connectivity and POPs. “With help from SADA and Google Cloud, we have learned how to increase scale, lower costs, and redesign areas of our architecture for improved services,” said Foster.

By leveraging GKE, BigQuery, and other GCP solutions, Cysiv is able to analyze multiple terabytes of ingested data every day and provide powerful, real-time threat detection and incident response services. “BigQuery enables us to ingest up to 3.8 million security events per second, per project,” said Foster. “We’re very pleased with our choice of Google Cloud.”

As for uptime, Cysiv has been able to achieve 99.95% availability with Google Cloud. “Google has been standing up highly available systems for a very long time,” said Foster. “To keep our data moving, Cysiv also takes advantage of Google’s many POPs and ISP interconnects as well as their dedicated global fiber network.”

With referrals from SADA’s security assessment program, Cysiv has been able to sell SOCaaS monitoring to several mutual customers.

“Up to 30% of our current active sales leads have come as a result of referral from SADA’s security assessment program. That’s an excellent service that many companies need. We’re looking forward to that resulting in more joint opportunities.”  

Justin Foster | CTO and Co-Founder at Cysiv

In summary, with help from SADA and Google Cloud, Cysiv obtained: 

  • 99.95% uptime 
  • Cost-effectiveness due to GCP’s efficient and advanced infrastructure
  • Capability to ingest on a sustained basis up to 3.8 million security events per second, per project on BigQuery 
  • 30% of their sales leads through SADA’s SaaS Alliance Program

SADA’s SaaS Alliance Program is an industry-leading initiative aimed at helping independent software vendors (ISVs) and SaaS organizations scale their businesses faster and maximize the value of their partnership with Google Cloud. The SaaS Alliance Program guides software companies to drive innovation, enhance their product offerings, accelerate customer acquisition, and amplify their marketing efforts. As a Google Cloud Premier Partner, SADA has formed powerful and impactful partnerships with ISVs by filling the increasing demand for go-to-market support and expertise. Learn more about SADA’s SaaS Alliance Program.

SADA’s referral of prospects in need of a virtual SOC to satisfy 24/7 monitoring and incident response is an essential benefit of our partnership. We see mutual advantage in helping these Google Cloud users deploy safely to the cloud and meet compliance and security goals together.

— Justin Foster | CTO and Co-Founder of Cysiv

More customer stories

What we're up to

Solve not just for today but for what's next.

We'll help you harness the immense power of Google Cloud to solve your business challenge and transform the way you work.

Scroll to Top