Cloud

4/12/2019
10:50 AM
Steve Zurier
Steve Zurier
Slideshows
Connect Directly
Twitter
RSS
E-Mail

8 'SOC-as-a-Service' Offerings

These new cloud services seek to help companies figure out what their traditional SIEM alerts mean, plus how they can prioritize responses and improve their security operations.
1 of 9

Image Source: Adobe Stock: tonsnoei

Image Source: Adobe Stock: tonsnoei

1 of 9
Comment  | 
Print  | 
Comments
Newest First  |  Oldest First  |  Threaded View
seven_stones
50%
50%
seven_stones,
User Rank: Apprentice
4/20/2019 | 2:09:36 PM
Re: SOC-as-a-Service is critical for mid-market
"Figure out what their traditional SIEM alerts mean"? The meaning is usually fairly clear from the default alert text. What the vast majority of organisations need is help with first configuring meaningful alerts (not just the defaults) and then how to respond to them - and this is only possible after gaining intimate knowledge of the environment. Is this part of the offering also? I doubt it because that wouldn't be economical - it does actually take time and skilled resource.

SIEM cannot be outsourced aside from the first level response of a SOC capability - and then only after the aforementioned use cases are configured and the capability is tuned - 18 months at least.

These services do little more than add to the problem.
AaronB633
50%
50%
AaronB633,
User Rank: Apprentice
4/15/2019 | 5:30:14 PM
SOC-as-a-Service is critical for mid-market
Glad to see SOC-as-a-Service highlighted as a practical solution for the masses that don't have the wherewithal to staff, resource, and retain an in-house SOC. It's also interesting to see the debate over the definition of this as a defined market. As a side effect of a fast-paced growing market, the phraseology of what's what is very nuanced. What's the difference between an MSSP, a co-managed SIEM, or a SOC-as-a-Service? Depends on who you ask. It would be interesting for sure to see a detailed and agreed-upon definition for each.

Vendors, such as ourselves, can easily see ourselves fitting all three of those categories. At Netsurion, we deliver what we call a co-managed SIEM. I would say that it easily aligns with the concept of a SOC-as-a-Service as well. It includes a fractional SOC team (EventTracker SOC) to fit the needs of the organization, that operates a SIEM platform (EventTracker SIEM) complete with managed security services like vulnerability assessment service, managed EDR (EventTracker EDR), and even managed threat deception service (EventTracker Honeynet) to name a few.

I think regardless of where you land on MSSP, co-managed SIEM, and SOC-as-a-Service markets, most would agree that more technology alone is not going to cut it for 90% of organizations with a security team of 1... or none. All of these solutions address the need for cybersecurity convergence, but are different in what degree do they provide product, people, and process to solve the problem. What layers of defense are within scope? How is it deployed and maintained? How are responsibilities aligned between vendor and customer? 
Russia Hacked Clinton's Computers Five Hours After Trump's Call
Robert Lemos, Technology Journalist/Data Researcher,  4/19/2019
Why We Need a 'Cleaner Internet'
Darren Anstee, Chief Technology Officer at Arbor Networks,  4/19/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-18643
PUBLISHED: 2019-04-25
GitLab CE & EE 11.2 and later and before 11.5.0-rc12, 11.4.6, and 11.3.10 have Persistent XSS.
CVE-2018-19359
PUBLISHED: 2019-04-25
GitLab Community and Enterprise Edition 8.9 and later and before 11.5.0-rc12, 11.4.6, and 11.3.10 has Incorrect Access Control.
CVE-2019-11488
PUBLISHED: 2019-04-25
Incorrect Access Control in the Account Access / Password Reset Link in SimplyBook.me Enterprise before 2019-04-23 allows Unauthorized Attackers to READ/WRITE Customer or Administrator data via a persistent HTTP GET Request Hash Link Replay, as demonstrated by a login-link from the browser history.
CVE-2019-11489
PUBLISHED: 2019-04-25
Incorrect Access Control in the Administrative Management Interface in SimplyBook.me Enterprise before 2019-04-23 allows Authenticated Low-Priv Users to Elevate Privileges to Full Admin Rights via a crafted HTTP PUT Request, as demonstrated by modified JSON data to a /v2/rest/ URI.
CVE-2019-3720
PUBLISHED: 2019-04-25
Dell EMC Open Manage System Administrator (OMSA) versions prior to 9.3.0 contain a Directory Traversal Vulnerability. A remote authenticated malicious user with admin privileges could potentially exploit this vulnerability to gain unauthorized access to the file system by exploiting insufficient san...