Businesses of all sizes face a unique set of complications where cybersecurity is concerned. Enterprises have large perimeters because of the sheer quantity of attack vectors, namely endpoints in multiple branch locations. Small companies typically can’t afford in-house cybersecurity expertise, nor do they have the IT resources, the time or the money to adequately secure themselves against cyberthreats. Then there’s the mid-market, which is too small to support an entirely in-house security operation center, but too big and, depending on the industry, too bound by regulatory compliance to completely outsource cybersecurity.
Much as each category of company has its own set of struggles, each also has advantages working in its favor. Enterprises have a large pool of available resources (time, money and expertise). Small businesses can put their cybersecurity in the hands of a managed security service provider (MSSP) and pay a nominal fee to keep cybersecurity posture out of sight and out of mind. Finally, the mid-market has SOC-as-a-Service.
This post explains what that is, and how it has enabled the rise of a new market called managed detection and response (MDR) services.
How SOC-as-a-Service works
As implied in the name, SOC-as-a-Service is the delivery of a security operation center on a subscription basis. The key features and benefits of a SOC include:
- Real-time, 24/7 threat monitoring.
- Regular vulnerability assessments.
- Access to the knowledge of dedicated security engineers.
- Low overhead.
- Fast deployment.
- Flexibility, scalability.
Granted, the last three items on the list apply to almost any managed service. But what makes SOC-as-a-Service stand out from other MSSP offerings is that it’s much more than just a solution that’s managed offsite. The engineers operating the SOC essentially act as on-demand security consultants for clients. For a company that would prefer to have visibility into and control over its security environment, SOC-as-a-Service is much more suitable than the traditional MSSP model.
MDR: Completing the package
SOC-as-a-Service has slowly morphed into an entirely new cybersecurity market called managed detection and response (MDR). The SOC continues to be the enabling factor for MDR, in that it’s how the provider aggregates the log data it uses to detect threats in real time. However, MDR takes this a step further by tracing the entire threat lifecycle for clients. This does two things:
- It allows the MDR provider to give precise recommendations for how cybersecurity can be improved.
- It enables the security engineers, in managing the SOC, to help clients build out an incident response plan, and then help execute it if necessary.
With cybersecurity expenses on the rise, and expected to exceed $100 billion by 2020, objective recommendations from a security engineer regarding what services and tools will actually improve your security posture are invaluable, and will continue to be in the years to come. For mid-market organizations, this ensures visibility into security posture, preempts needless cybersecurity spending and covers the astronomical costs associated with SIEM management – all within a price range that makes sense.