Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cloud

4/12/2019
10:50 AM
Steve Zurier
Steve Zurier
Slideshows
Connect Directly
Twitter
RSS
E-Mail

8 'SOC-as-a-Service' Offerings

These new cloud services seek to help companies figure out what their traditional SIEM alerts mean, plus how they can prioritize responses and improve their security operations.
9 of 9

9 of 9
Comment  | 
Print  | 
Comments
Newest First  |  Oldest First  |  Threaded View
seven_stones
50%
50%
seven_stones,
User Rank: Apprentice
4/20/2019 | 2:09:36 PM
Re: SOC-as-a-Service is critical for mid-market
"Figure out what their traditional SIEM alerts mean"? The meaning is usually fairly clear from the default alert text. What the vast majority of organisations need is help with first configuring meaningful alerts (not just the defaults) and then how to respond to them - and this is only possible after gaining intimate knowledge of the environment. Is this part of the offering also? I doubt it because that wouldn't be economical - it does actually take time and skilled resource.

SIEM cannot be outsourced aside from the first level response of a SOC capability - and then only after the aforementioned use cases are configured and the capability is tuned - 18 months at least.

These services do little more than add to the problem.
AaronB633
50%
50%
AaronB633,
User Rank: Apprentice
4/15/2019 | 5:30:14 PM
SOC-as-a-Service is critical for mid-market
Glad to see SOC-as-a-Service highlighted as a practical solution for the masses that don't have the wherewithal to staff, resource, and retain an in-house SOC. It's also interesting to see the debate over the definition of this as a defined market. As a side effect of a fast-paced growing market, the phraseology of what's what is very nuanced. What's the difference between an MSSP, a co-managed SIEM, or a SOC-as-a-Service? Depends on who you ask. It would be interesting for sure to see a detailed and agreed-upon definition for each.

Vendors, such as ourselves, can easily see ourselves fitting all three of those categories. At Netsurion, we deliver what we call a co-managed SIEM. I would say that it easily aligns with the concept of a SOC-as-a-Service as well. It includes a fractional SOC team (EventTracker SOC) to fit the needs of the organization, that operates a SIEM platform (EventTracker SIEM) complete with managed security services like vulnerability assessment service, managed EDR (EventTracker EDR), and even managed threat deception service (EventTracker Honeynet) to name a few.

I think regardless of where you land on MSSP, co-managed SIEM, and SOC-as-a-Service markets, most would agree that more technology alone is not going to cut it for 90% of organizations with a security team of 1... or none. All of these solutions address the need for cybersecurity convergence, but are different in what degree do they provide product, people, and process to solve the problem. What layers of defense are within scope? How is it deployed and maintained? How are responsibilities aligned between vendor and customer? 
COVID-19: Latest Security News & Commentary
Dark Reading Staff 6/3/2020
Data Loss Spikes Under COVID-19 Lockdowns
Seth Rosenblatt, Contributing Writer,  5/28/2020
Abandoned Apps May Pose Security Risk to Mobile Devices
Robert Lemos, Contributing Writer,  5/29/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-13777
PUBLISHED: 2020-06-04
GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). The earliest affected version is 3.6.4 (2018-09-24) because of an error in a 2018-09-18 commit. Until the first key rotation, the TL...
CVE-2020-10548
PUBLISHED: 2020-06-04
rConfig 3.9.4 and previous versions has unauthenticated devices.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.
CVE-2020-10549
PUBLISHED: 2020-06-04
rConfig 3.9.4 and previous versions has unauthenticated snippets.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.
CVE-2020-10546
PUBLISHED: 2020-06-04
rConfig 3.9.4 and previous versions has unauthenticated compliancepolicies.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.
CVE-2020-10547
PUBLISHED: 2020-06-04
rConfig 3.9.4 and previous versions has unauthenticated compliancepolicyelements.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.