SOC as a Service
The KuppingerCole Market Compass provides an overview of the product or service offerings in a certain market segment. This Market Compass covers the Security Operations Center-as-a-Service (SOCaaS) market that has emerged and continues to develop in response to demand for security monitoring, analysis, detection, response, and improvement recommendations either instead of or as a supplement to permanent on-premises SOCs.
1 Management Summary
The KuppingerCole Market Compass provides an overview of a market segment and the vendors in that segment. It covers the trends that are influencing that market segment, how it is further divided, and the essential capabilities required of solutions. It also provides ratings of how well these solutions meet our expectations.
This Market Compass covers solutions that provide, as a cloud-based service, all the benefits of a Security Operations Center (SOC), such as a team of information security experts that monitors and analyzes security systems to provide proactive and reactive cyber defense capabilities.
This means that even small and mid-size organizations can tap into all the benefits of having a SOC, which is common in large organizations, without the expense of running such an operation on premises and without the challenges of finding and retaining people with the necessary skills.
SOC-as-a-Service (SOCaaS) solutions, also known as outsourced or co-managed SOCs, are a type of managed security service (MSS) that is cloud-based, built on a multi-tenant Software-as-a-Service (SaaS) platform, and goes beyond the offerings of traditional Managed Security Service Providers (MSSPs). MSSPs typically monitor and manage intrusion detection systems (IDS), firewalls, anti-virus and anti-spam systems, virtual private networks (VPNs), endpoint protection (EPP), and endpoint detection & response (EDR). SOCaaS, however, typically includes all of that plus a team of analysts who resolve every alert, identify and analyze indicators of compromise (IoCs), and analyze and respond to attacks to minimize the impact of security incidents. At the same time, SOCaaS optimizes an organization’s protection, detection, and response capabilities through continual assessment and reporting, including guidance on security strategies and policies. SOCaaS therefore also includes the services that typically make up managed detection and response (MDR) solutions, and can be considered an evolution of both MSS and MDR.
Like an on-premises SOC, SOCaaS includes round-the-clock monitoring and analysis of internet traffic, corporate networks, desktops, servers, endpoint devices, databases, applications, cloud infrastructure, firewalls, threat intelligence, intrusion prevention, and security information and event management (SIEM) systems for signs of a security incident.
Where there is little or no in-house security capability, SOCaaS helps organizations outsource the entire security operation at a fixed, predictable cost, including the analysis of SIEM alerts and the security-related management of networks, endpoints, applications, websites, and databases.
Where there is some in-house security capability, SOCaaS can be used to supplement this wherever necessary to ensure that an organization has at its disposal all the cyber security skills and capabilities required. This is relevant even for very large organizations because the breadth of requirements on SOCs and the skills gap make it challenging and expensive to staff an on-prem SOC.
SOCaaS includes the services of a dedicated team of information security experts that is responsible for analyzing and monitoring an organization’s security posture 24x7, not only to detect, contain, and remediate threats, but also to recommend ways of improving security capabilities.
In the face of an increasingly challenging and rapidly changing business, IT and cyber threat environment, there is a growing demand for SOCaaS as most organizations see the value of the benefits on offer, which include:
- Uninterrupted and comprehensive centralized monitoring and analysis of enterprise systems for suspicious activity at a fixed and predictable monthly/annual cost.
- Improved incident response times and practices.
- Faster detection of security events such as compromises and containment of threats.
- Resolution of all alerts to get maximum value out of existing systems.
- Reduced cost and business impact of security incidents.