Security Operations Center as a Service (SOCaaS)

An elite team of experts ready to detect and respond


What is SOC as a Service?

SOC as a Service is an offering from a cybersecurity company that typically acts as a customer's entire security operations center (SOC). Because of circumstances such as a talent shortage, or because a business is in startup or mid-life mode without the resources to properly secure its network, SOC as a Service (SOCaaS) can act as that organization's tactical console from which it can track security alerts, defend against cyberattacks, and improve its overall security posture.

According to IDC, organizations can outsource a set of security functions to a SOC team, including SIEM, vulnerability management, endpoint security, and other detection and response tools. A customer organization could also sign up for the entire menu of services. Because it is delivered as a cloud service, operations occur offsite and are hosted in the cloud. A few real-world outcomes that SOCaaS providers look to deliver on behalf of a customer are:

  • Remediating cyber threats on behalf of customers 
  • Enabling customers to determine which services are relevant to them 
  • Streamlining data ingestion and analysis from a customer's network 
  • Translating processes and outcomes into relatable language that can be understood and acted on by almost any stakeholder

With this in mind, it's also important for a business or security organization to conduct a thorough analysis of its current security program, identifying its strengths and weaknesses and the practice areas it may not previously have addressed. This will help narrow the focus of a SOCaaS vendor search to criteria unique to the customer.

Benefits of SOC as a Service (SOCaaS)

Perhaps the biggest benefit of engaging a service provider to take on a particular area of security concern is that the customer no longer has to worry about that area. Because SOCaaS covers many areas, as outlined above, let's look at some of the specific benefits:

Faster detection and remediation

If a team is slow to respond when an anomaly is detected, the odds are that competing priorities are pulling personnel in multiple directions. A SOCaaS provider will dispatch analysts dedicated to responding to cyber threats and vulnerabilities and taking them down or remediating them. For an in-house SOC, rapid context switching from situation to situation can be a real time sink, so a team dedicated solely to detection, response, and remediation will be able to move much faster.

Access to specialized security expertise 

SOC analysts must cover the gamut of specialties and respond quickly on behalf of customers. SOCaaS vendors should be able to provide access to analysts who can address endpoint containment, threat hunting, malware analysis and containment, distributed alerting and escalation pathways, and much more. Understanding a SOC's people, technology, and pathways can aid in the search for a trusted vendor.

Enhanced maturity

The benefit of accelerating the evolution of a customer's security program can't be overstated. SOCs face threats every day, often many of them. Having a budget to address immaturity in a security program is great, but if there is no strategic in-house talent acquisition plan, it may be more efficient to shift that focus to finding the right SOCaaS partner.

Lower cost than an on-premises SOC

Speaking of talent acquisition, building a SOC from the ground up can carry many more costs than engaging a managed services partner. There are the obvious start-up costs of sourcing the right technology and personnel, and there's also the specter of churn once those people and operational processes are in place. Around 71% of SOC analysts say they feel burned out on the job, especially when those analysts number only around seven and have the weight of the company's security world on their shoulders.

SOC as a Service Roles and Responsibilities

Even once a company or small security organization has decided to begin the search for a SOCaaS vendor, it's still critical to know the roles and responsibilities of the analysts and staff in that SOC. After all, they'll be the ones protecting your environment, and your reputation.

SOC Manager

This position oversees the SOC and directly manages a security team of several people. The SOC manager role involves developing an overall security strategy for the company: creating a vision for hiring, building processes, and developing the technology stack. This person should be able to provide both technical guidance and managerial oversight.

Security Analyst Tier 1 - Triage

An analyst in the provider's SOC will field an alert and triage it. During that initial investigation, they'll determine where in the patch or remediation queue it should fall. Alerts can consume a significant amount of time for an in-house security organization, and a provider team that manages and automates the triage process can drastically reduce the daily burden on in-house teams.

Security Analyst Tier 2 - Incident Responder

This type of analyst will typically field alerts escalated by their Tier 1 counterpart. If an alert ends up in this person's queue, it has been determined to be real and should be prioritized for response. Deeper investigation into the alert, identifying affected systems, and crafting a response and/or remediation plan are the key responsibilities of this role.

Security Analyst Tier 3 - Threat Hunter

At this stage of the process, the hunt is on. If the incident has been determined to be of a more severe nature, a threat hunter will look at how an attacker or threat was able to get past the initial security checks. A threat hunt lets analysts actively examine a customer's network, endpoints, and security technology for threats or attackers that may be lurking as yet undetected.
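The tiered hand-off described above (Tier 1 triage, Tier 2 response, Tier 3 hunt) is the part of the process a provider typically automates before a human sees the alert: suppress known-benign and duplicate alerts, score what remains by confidence and asset criticality, and route each alert to the right queue. The Python below is an added illustrative example, not Rapid7's code or any product's logic; the alert fields, rule names, asset criticality table, allowlist and thresholds are all assumptions invented for the example, and the alerts are constructed sample data rather than real telemetry.

```python
"""Automated alert triage that mirrors a tiered SOC escalation path.

Illustrative example only. Field names, rules, criticality values and
thresholds are assumptions chosen for the demonstration.
"""
from collections import Counter
from dataclasses import dataclass

# Constructed sample alerts (hypothetical field names, not real telemetry).
SAMPLE_ALERTS = [
    {"id": "a1", "rule": "suspicious_powershell", "host": "dc01", "confidence": 0.9, "src_user": "svc_backup"},
    {"id": "a2", "rule": "port_scan", "host": "web03", "confidence": 0.4, "src_user": ""},
    {"id": "a3", "rule": "port_scan", "host": "scanner01", "confidence": 0.8, "src_user": ""},
    {"id": "a4", "rule": "suspicious_powershell", "host": "dc01", "confidence": 0.9, "src_user": "svc_backup"},
    {"id": "a5", "rule": "credential_dump", "host": "ws42", "confidence": 0.95, "src_user": "jdoe"},
]

# Assumed context a provider would pull from the customer's asset inventory:
# how much a compromised host matters (3 = domain controller, 1 = workstation).
ASSET_CRITICALITY = {"dc01": 3, "web03": 2, "ws42": 1}
# Assumed base severity per detection rule.
RULE_BASE_SEVERITY = {"credential_dump": 3, "suspicious_powershell": 2, "port_scan": 1}
# Assumed allowlist: (rule, host) pairs that are expected, e.g. an authorized scanner.
ALLOWLIST = {("port_scan", "scanner01")}


@dataclass
class Disposition:
    alert_id: str
    queue: str    # "suppressed", "tier1", "tier2" or "tier3"
    score: float
    reason: str


def score_alert(alert):
    """Impact-weighted score: rule severity x asset criticality x detector confidence."""
    base = RULE_BASE_SEVERITY.get(alert["rule"], 1)
    crit = ASSET_CRITICALITY.get(alert["host"], 1)
    return base * crit * alert["confidence"]


def triage(alerts, escalate_at=1.5, hunt_at=5.0):
    """Route each alert to a queue, suppressing duplicates and allowlisted noise first."""
    seen = set()
    dispositions = []
    for alert in alerts:
        # Duplicate suppression: same rule, host and user as an alert already handled.
        fingerprint = (alert["rule"], alert["host"], alert["src_user"])
        if fingerprint in seen:
            dispositions.append(Disposition(alert["id"], "suppressed", 0.0, "duplicate of earlier alert"))
            continue
        seen.add(fingerprint)
        if (alert["rule"], alert["host"]) in ALLOWLIST:
            dispositions.append(Disposition(alert["id"], "suppressed", 0.0, "allowlisted source"))
            continue
        score = score_alert(alert)
        if score >= hunt_at:
            queue, why = "tier3", "severe activity on a critical asset: hunt for the earlier foothold"
        elif score >= escalate_at:
            queue, why = "tier2", "likely real: scope affected systems and plan response"
        else:
            queue, why = "tier1", "low confidence or low impact: enrich and keep watching"
        dispositions.append(Disposition(alert["id"], queue, score, why))
    return dispositions


def queue_counts(dispositions):
    """How many alerts landed in each queue; useful as a daily load metric per tier."""
    return dict(Counter(d.queue for d in dispositions))


if __name__ == "__main__":
    for d in triage(SAMPLE_ALERTS):
        print(f"{d.alert_id}: {d.queue:<10} score={d.score:.2f}  {d.reason}")
    print(queue_counts(triage(SAMPLE_ALERTS)))
```

On the constructed input, the PowerShell alert on the domain controller scores high enough to go straight to the Tier 3 hunt queue, the credential dump on a workstation lands with Tier 2, the low-confidence port scan stays with Tier 1, and the authorized scanner and the duplicate never reach an analyst. The thresholds and weights are the knobs a provider tunes per customer during onboarding; the suppression steps are where most of the "daily burden" reduction described above actually comes from.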

Security Architect

An architect is typically responsible for designing the security architecture, engineering the security systems, and implementing them. They should also be able to document the requirements, procedures, and protocols of the architecture and systems they create. Additionally, they weigh in on key regulatory and compliance requirements on behalf of their SOCaaS clients.

Challenges of SOC as a Service

A SOC is the control center for a company's cybersecurity operations, so complex operations take place there. Some are automated; some are manual, human-driven operations. A customer organization searching for the right partner is about to outsource some, or all, of those operations. Let's look at some challenges of SOCaaS as a business decides to put its digital trust into the hands of an outside team.

Onboarding process

A vulnerable phase follows any engagement of a SOCaaS provider. That is, the provider must configure its tech stack to work within the new client's environment, and the client must ready its network for the deployment of the new provider's monitoring. Testing and implementation of a template for gathering and acting on insights follow in the next phase of the ramp-up period.

Enterprise data security

Securing a customer's network is one thing, but ensuring the data is safe on the SOCaaS provider's side is another altogether. It is therefore critical for a customer to do the research to find a provider whose own defenses are fortified to protect the enterprise data of all of its clients. This essentially becomes a supply chain issue and should be handled with all the considerations that come with that approach.

Log delivery costs

Full access to, and autonomy over, a provider's operations as they concern a specific customer can be expensive for that customer. While the information is technically generated by the customer's network, the operations and actions the SOCaaS provider takes are the provider's own. With that in mind, it's clear why gaining full access to log data can be pricey for a security organization.

Regulatory considerations

Perhaps one of the most critical considerations is regulatory standards and remaining in compliance when handing over the keys to any part of a security organization's operations. A large part of staying in compliance is communication and reporting, inside the company and out. Company executives will need continuous reporting to demonstrate compliance in good standing to certain regulatory bodies. It's key to know whether the SOCaaS provider handles compliance itself or outsources the practice to a third-party provider.
