Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Security Management

11/13/2017
06:00 PM
Curtis Franklin Jr.
Curtis Franklin Jr.
Curt Franklin
50%
50%

SOCs Become Service Targets

MSSPs are becoming SOCaaS providers. Is it a natural evolution or a short-lived phenomenon in the as-a-service world?

In the race to add ever more capabilities to the "as a service" lexicon, SOCaaS lacks a certain poetry. But what it lacks in linguistic beauty it may make up for in utility for organizations that need more capable security management without the complication or expense of building their own Security Operations Center (SOC).

In the broad market for managed service, SOCaaS is typically considered part of security-as-a-service offered by a managed security service provider (MSSP). So what is is that turns managed security into a full SOC provided by a partner?

According to Gartner, an MSSP, "...provides outsourced monitoring and management of security devices and systems. Common services include managed firewall, intrusion detection, virtual private network, vulnerability scanning and anti-viral services." A SOC, says Wikipedia, "...is a dedicated site where enterprise information systems (web sites, applications, databases, data centers and servers, networks, desktops and other endpoints) are monitored, assessed, and defended."

The difference, really, is the level of coordination and management supplied by the service provider. An MSSP can provide a variety of different security services and may coordinate two or more of them in a layered defense, but there's the assumption that someone at the hiring company is managing and directing the overall security provided by the services.

SOCaaS, on the other hand, is a much more thoroughly outsourced security system, with both human security experts and automated response systems sitting in the virtual SOC ready to monitor and respond to security issues. The customer may have an IT department that hires the provider and provides management from an IT perspective, but there's no real requirement for any internal security expertise on the buyer's part.

There are a number of companies that are actice the MSSP or related managed detection and response (MDR) markets. These companies include IBM, SecureWorks, Verizon, Symantec, HPE, AT&T, Atos and Arctic Wolf. The question is really how deeply into a client's IT infrastructure the managed services will extend.

In a recent case, the city of Sparks, Nev., explored the possibility of building a SOC to handle its growing security demands and decided instead to contract for a completely virtual SOCaaS with vendor Arctic Wolf. The decision was taken after a series of ransomware and spear-phishing attacks targeted the city's police and fire first responders. While no devastating damage occurred, the city IT staff recognized that a more coordinated effort would be necessary if attacks became larger or more sophisticated.

While MSSPs have become common security partners for the enterprise, especially for mid-size organizations in both government and commercial spaces, SOCaaS is still relatively early in its growth. Is a SOC-as-a-service something that your organization has adopted? Do you think it's an idea "with legs?" Let us know in the comments, below -- and let us know if you have any experience with SOCaaS.

Related posts:

— Curtis Franklin is the editor of SecurityNow.com. Follow him on Twitter @kg4gwa.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Data Breaches Affect the Enterprise
Data breaches continue to cause negative outcomes for companies worldwide. However, many organizations report that major impacts have declined significantly compared with a year ago, suggesting that many have gotten better at containing breach fallout. Download Dark Reading's Report "How Data Breaches Affect the Enterprise" to delve more into this timely topic.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-41679
PUBLISHED: 2021-11-30
A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database. An attacker can then issue the SQL command through the /opensis/modules/grades/InputFinalGrades.php, period parameter.
CVE-2021-25987
PUBLISHED: 2021-11-30
Hexo versions 0.0.1 to 5.4.0 are vulnerable against stored XSS. The post “body� and “tags� don’t sanitize malicious javascript during web page generation. Local unprivileged attacker can inject arbitrary...
CVE-2021-41678
PUBLISHED: 2021-11-30
A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database. An attacker can then issue the SQL command through the /opensis/modules/users/Staff.php, staff{TITLE] parameter.
CVE-2021-41677
PUBLISHED: 2021-11-30
A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database. An attacker can then issue the SQL command through the /opensis/functions/GetStuListFnc.php &Grade= parameter.
CVE-2021-42122
PUBLISHED: 2021-11-30
Insufficient Input Validation in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 on an object’s attributes with numeric...