MSP Success Magazine Oct/Nov 2022 | Page 7

Global MSP Benchmark report, the percentage of MSPs who feel their business is now at greater risk increased from 39% last year to 50% in 2022.
All these factors put MSPs in a challenging position — buy more security tools, which appeals to no one; hire more security professionals, which in this market is nearly impossible; or take advantage of new cybersecurity offerings, such as managed SOC services.
What Is A SOC And Managed SOC Services?
Most IT professionals are familiar with a NOC (Network Operations Center), a centralized function to manage, maintain, and monitor their customers’ networks and to ensure maximum uptime, performance, and support-related service level agreements. A SOC (Security Operations Center) is a centralized function that employs highly trained cybersecurity experts (SOC analysts) and tools to continuously manage, detect, and respond to threats affecting an organization’s IT and data infrastructure. In fact, this ability — manage, detect, and respond — creates the acronym for MDR.
The Rise Of MDR
Most security professionals utilize a cybersecurity framework (CSF) as part of their strategic plans to manage security efforts and reduce risk. Many CSFs use a standard set of security tenets: Identify, Protect, Detect, Respond, and Recovery. Over the last decade, most security spend has gone into the “protect” aspect of security. In fact, recent surveys put this at nearly 70 cents of every dollar spent on cybersecurity in the “protect” phase. Unfortunately, we have seen time and time again that over-investment in protection can still lead to disastrous ransomware attacks and data breaches. This has led many industry analysts and cybersecurity thought leaders to point out that 100% security will never be 100% attained.
A breach is a matter of when, not if. Therefore, organizations need to invest in tools and solutions that address the other elements of CSFs, including detection and response. This focus on detection and response has fueled the rise of many new tools and technologies designed to catch hidden threats that lie latent in a breached environment. Most successful attacks are sequenced and take place over a lengthy period of time. The average dwell time from compromise to detection is 146 days. That means, for more than four months, once inside your network, a bad actor is stealing credentials (logins and passwords), setting up back-door channels for future command and control activities, removing or disabling antivirus, and moving laterally to find admin credentials and data worth stealing. Effective managed detection and response solutions catch hidden threats that bypass firewalls and endpoint AV, reduce dwell time, and minimize threat damage overall.
Managed SOC Services — More Than MDR
Managed SOC services are synonymous with MDR; however, managed SOC services provide additional services that go beyond traditional MDR offerings. Datto Managed SOC, powered by RocketCyber, for example, also provides threat hunting capabilities for partners. Threat hunting is an advanced ability where highly skilled SOC analysts proactively search for and find indicators of compromise, including the stealthiest of threats lurking in an IT environment. As part of a 24/7 managed SOC offering, proactive threat hunting takes MSP cybersecurity to a whole new level, giving MSPs a leg up in protection for their customers.
Additional Managed SOC Services May Also Include:
• Log management and storage retention
• Threat correlation with events and threat intelligence
• PSA ticket integration
• Remote worker threat detection and response
When looking for a managed SOC to partner with, it’s essential to consider size and fit — in addition to the services offered. Questions to ask include:
• Scope Of Coverage: Does the service provide 24/7 year-round monitoring?
• Location And Responsiveness Of SOC Analysts: Are they local and accessible if you have additional questions or issues?
• Multi-Vector Coverage: Does the managed SOC service monitor more than one threat vector? If so, which ones?
• Mean-Time-To-Detection: How quickly does the managed SOC service respond once an indicator of compromise is discovered?
• Response Deliverable: Once an indicator of compromise is discovered, what level of detailed response is given?
• Pricing: Does this fit your business model, and can you be profitable with it?
The opportunity for partners to offer managed SOC services to their clients is rapidly growing and is expected to skyrocket in the next two years. In addition to generating new revenue streams for an MSP, managed SOC services round out the disproportionate IT spend in protective technologies and reduce tool sprawl, giving businesses a better-balanced security posture and more efficient security stack. And lastly, with a managed SOC, an MSP does not have to be a security expert to gain security expertise. All of this adds up to why the best-kept secret in cybersecurity today is putting a SOC in it.
VOLUME 3 ISSUE 6 • MSPSuccessMagazine.com | 7