SOCs Become Service Targets

MSSPs are becoming SOCaaS providers. Is it a natural evolution or a short-lived phenomenon in the as-a-service world?

In the race to add ever more capabilities to the "as a service" lexicon, SOCaaS lacks a certain poetry. But what it lacks in linguistic beauty it may make up for in utility for organizations that need more capable security management without the complication or expense of building their own Security Operations Center (SOC).

In the broad market for managed service, SOCaaS is typically considered part of security-as-a-service offered by a managed security service provider (MSSP). So what is is that turns managed security into a full SOC provided by a partner?

According to Gartner, an MSSP, "...provides outsourced monitoring and management of security devices and systems. Common services include managed firewall, intrusion detection, virtual private network, vulnerability scanning and anti-viral services." A SOC, says Wikipedia, "...is a dedicated site where enterprise information systems (web sites, applications, databases, data centers and servers, networks, desktops and other endpoints) are monitored, assessed, and defended."

The difference, really, is the level of coordination and management supplied by the service provider. An MSSP can provide a variety of different security services and may coordinate two or more of them in a layered defense, but there's the assumption that someone at the hiring company is managing and directing the overall security provided by the services.

SOCaaS, on the other hand, is a much more thoroughly outsourced security system, with both human security experts and automated response systems sitting in the virtual SOC ready to monitor and respond to security issues. The customer may have an IT department that hires the provider and provides management from an IT perspective, but there's no real requirement for any internal security expertise on the buyer's part.

There are a number of companies that are actice the MSSP or related managed detection and response (MDR) markets. These companies include IBM, SecureWorks, Verizon, Symantec, HPE, AT&T, Atos and Arctic Wolf. The question is really how deeply into a client's IT infrastructure the managed services will extend.

In a recent case, the city of Sparks, Nev., explored the possibility of building a SOC to handle its growing security demands and decided instead to contract for a completely virtual SOCaaS with vendor Arctic Wolf. The decision was taken after a series of ransomware and spear-phishing attacks targeted the city's police and fire first responders. While no devastating damage occurred, the city IT staff recognized that a more coordinated effort would be necessary if attacks became larger or more sophisticated.

While MSSPs have become common security partners for the enterprise, especially for mid-size organizations in both government and commercial spaces, SOCaaS is still relatively early in its growth. Is a SOC-as-a-service something that your organization has adopted? Do you think it's an idea "with legs?" Let us know in the comments, below -- and let us know if you have any experience with SOCaaS.

Related posts:

— Curtis Franklin is the editor of SecurityNow.com. Follow him on Twitter @kg4gwa.

Read more about:

Security Now

About the Author

Curtis Franklin, Principal Analyst, Omdia

Curtis Franklin Jr. is Principal Analyst at Omdia, focusing on enterprise security management. Previously, he was senior editor of Dark Reading, editor of Light Reading's Security Now, and executive editor, technology, at InformationWeek, where he was also executive producer of InformationWeek's online radio and podcast episodes

Curtis has been writing about technologies and products in computing and networking since the early 1980s. He has been on staff and contributed to technology-industry publications including BYTE, ComputerWorld, CEO, Enterprise Efficiency, ChannelWeb, Network Computing, InfoWorld, PCWorld, Dark Reading, and ITWorld.com on subjects ranging from mobile enterprise computing to enterprise security and wireless networking.

Curtis is the author of thousands of articles, the co-author of five books, and has been a frequent speaker at computer and networking industry conferences across North America and Europe. His most recent books, Cloud Computing: Technologies and Strategies of the Ubiquitous Data Center, and Securing the Cloud: Security Strategies for the Ubiquitous Data Center, with co-author Brian Chee, are published by Taylor and Francis.

When he's not writing, Curtis is a painter, photographer, cook, and multi-instrumentalist musician. He is active in running, amateur radio (KG4GWA), the MakerFX maker space in Orlando, FL, and is a certified Florida Master Naturalist.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights