When it comes to cybersecurity, today’s MSP faces myriad new challenges. Gone are the days of simply managing firewalls and endpoint antivirus. The need for more effective cybersecurity measures means MSPs must figure out how to improve their security offerings without breaking the bank. One way they could do this is by offering SOC as a service.
Fueling this need is the fact that ransomware is no longer relegated to the enterprise — in fact, SMBs and mid-market organizations have become ripe targets for sophisticated attacks, often because they lack the appropriate skillset, tools, and training needed to thwart advanced threats. The latest figures put the average total data breach cost at $4.24 million.
According to Datto’s most recent ransomware survey, the average cost of a ransomware attack is approximately $8,000 per hour until remediation. And it’s not just SMB and mid-market companies at risk. MSPs have become ideal targets, too. According to Kaseya’s 2022 Global MSP Benchmark report, the percentage of MSPs that feel their business is now at greater risk increased from 39% last year to 50% in 2022.
All these factors put MSPs in a challenging position — buy more security tools, which appeals to no one; hire more security professionals, which in this market is nearly impossible; or take advantage of new cybersecurity offerings, such as managed SOC services.
What Is A SOC And Managed SOC Services?
Most IT professionals are familiar with a NOC (Network Operations Center), a centralized function to manage, maintain, and monitor their customers’ networks to ensure maximum uptime, performance, and support-related service level agreements.
A SOC (Security Operations Center) is a centralized function that employs highly trained cybersecurity experts (SOC analysts) and tools to continuously manage, detect, and respond to threats affecting an organization’s IT and data infrastructure. In fact, this ability to manage, detect, and respond is where the acronym MDR (managed detection and response) comes from.
The Rise Of MDR
Most security professionals utilize a cybersecurity framework (CSF) as part of their strategic plans to manage security efforts and reduce risk. Many CSFs use a standard set of security tenets: Identify, Protect, Detect, Respond, and Recover. Over the last decade, most security spend has gone into the “protect” aspect of security. In fact, recent surveys put the “protect” phase at nearly 70 cents of every dollar spent on cybersecurity.
Unfortunately, we have seen time and time again that over-investment in protection can still lead to disastrous ransomware attacks and data breaches. This has led many industry analysts and cybersecurity thought leaders to point out that 100% security will never be attained.
A breach is a matter of when, not if.
Therefore, organizations need to invest in tools and solutions that address the other elements of CSFs, including detection and response. This focus on detection and response has fueled the rise of many new tools and technologies designed to catch hidden threats that lie latent in a breached environment.
Most successful attacks are sequenced and take place over a lengthy period of time. The average dwell time from compromise to detection is 146 days. That means, for more than four months, once inside your network, a bad actor is stealing credentials (logins and passwords), setting up back-door channels for future command and control activities, removing or disabling antivirus, and moving laterally to find admin credentials and data worth stealing.
Effective managed detection and response solutions catch hidden threats that bypass firewalls and endpoint AV, reduce dwell time, and minimize threat damage overall.
Managed SOC Services — More Than MDR.
Managed SOC services are synonymous with MDR; however, managed SOC services provide additional services that go beyond traditional MDR offerings. Datto Managed SOC, powered by RocketCyber, for example, also provides threat-hunting capabilities for partners. Threat hunting is an advanced ability where highly skilled SOC analysts proactively search for and find indicators of compromise, including the stealthiest of threats lurking in an IT environment.
As part of a 24/7 managed SOC offering, proactive threat hunting takes MSP cybersecurity to a whole new level, giving MSPs a leg up in protection for their customers.
Additional Managed SOC Services May Also Include:
- Log management and storage retention
- Threat correlation with events and threat intelligence
- PSA ticket integration
- Remote worker threat detection and response
When looking for a managed SOC to partner with, it’s essential to consider the size and fit — in addition to the services offered.
Questions to ask include:
- Scope Of Coverage: Does the service provide 24/7 year-round monitoring?
- Location And Responsiveness Of SOC Analysts: Are they local and accessible if you have additional questions or issues?
- Multi-Vector Coverage: Does the managed SOC service monitor more than one threat vector? If so, which ones?
- Mean-Time-To-Detection: How quickly does the managed SOC service respond once an indicator of compromise is discovered?
- Response Deliverable: Once an indicator of compromise is discovered, what level of detailed response is given?
- Pricing: Does this fit your business model, and can you be profitable with it?
The opportunity for partners to offer managed SOC services to their clients is rapidly growing and is expected to skyrocket in the next two years. In addition to generating new revenue streams for an MSP, managed SOC services round out the disproportionate IT spend in protective technologies and reduce tool sprawl, giving businesses a better-balanced security posture and more efficient security stack. And lastly, with a managed SOC, an MSP does not have to be a security expert to gain security expertise. All of this adds up to why the best-kept secret in cybersecurity today is putting a SOC in it.