Understanding the shift from traditional SOC models to next-generation service-based offerings.
From business operations to data storage, the world has moved online. Hackers have quickly followed suit and are becoming more sophisticated, organized, and prolific. Recent studies have found that 54% of organizations have experienced an endpoint attack, and over 60% of attacks now use fileless hacking techniques, leaving companies dangerously exposed to data breaches and in dire need of security services. This uptick in demand is causing a massive global shortfall in cybersecurity talent, with an estimated gap of 1.5 million roles by the end of 2019 and 3.5 million unfilled positions by 2021.
Naturally, many companies are turning to managed service providers (MSPs) to help address the gap. Yet the sheer demand for cybersecurity services is outstripping supply and many MSPs are struggling to find the resources and investment needed to scale their security services to meet the growing market demand.These forces are ultimately redefining the delivery of security services in the market.
The shift from traditional SOC models
The SOC model is shifting from a traditional approach, known for its high barrier to entry with significant upfront investment costs, and high-priced training programs, to the next generation of SOC services. This new generation offers flexible pricing, speedy on-boarding, and on-demand access to high-quality, qualified talent. Although there are now various delivery models and SOC capabilities on the market, it can still be challenging for MSPs to evaluate which model is best aligned to their business needs.
Rather than building DIY or from-scratch security centers, many MSPs are turning to next-generation SOCs that operate using more flexible, service-based models to help scale and compliment existing security teams and investments, resulting in:
- Zero cost of entry and reduced launch times. With next-generation SOCs, the infrastructure and teams are already in place, so MSPs can quickly launch and scale a security offering.
- On-demand access to hard-to-find talent. By outsourcing all (or components) of a SOC, MSPs can tap into a pool of hard-to-find security analysts who receive regular training and upskilling on the latest cybersecurity threats, as well as access to top-tier consultants for incident escalations, forensics, and emergency response participation.
- Proactive protection from threats. Next-generation SOCs benefit from economies of scale: if analysts identify a security threat for one client, they can roll out updates to protect others.
Whether you’re an MSP looking to completely outsource your security operations or supplement your existing offering with hard to find talent, there are different options to suit your evolving business needs. We’ve broken down two SOC-as-a-Service options - Managed Operations versus Dedicated Operations - to help you determine which solution is right for you.
Managed SOC or Dedicated SOC: which option is right for you?
The type of delivery model you choose will come down to your business needs.
Delivery Model 1: Managed SOC
- What is a Managed SOC? A Managed SOC is a service offering, which means you’ll have 24/7/365 security monitoring, as well as access to a shared team of fully trained security analysts, SOC Managers, SIEM content authors, and engineers. This SOCaaS model also offers transparency, with access to a single view portal of all activities, processes, and tracking on KPIs, as well as a turnkey SOC platform.
- Who’s it suitable for? A managed SOC is ideal if you’re an MSP whose customers are relying on you to monitor, detect, and respond to today’s cybersecurity threats and you currently don’t have an existing 24/7 SOC. With a Managed SOC, you don’t need to worry about choosing, launching and maintaining tools or recruiting dedicated analysts, meaning it’s quick and easy to launch and scale.
- Time to market: Setting up a Managed SOC is fast, and can take anywhere from a few days to a few weeks. On top of this, it’s a service-based delivery model that is designed to scale with your growing security needs.
- Considerations: Many SOCaaS providers have built their offer with little flexibility in mind. This often forces MSPs to stray from their desired delivery method or strategy in favor of quickly getting security solution to market. Be sure to assess the flexibility of your SOCaaS provider’s tech stack, their in-house expertise, and their willingness to work with you to customize a solution that is tailored to you and your customers’ needs.
Delivery Model 2: Dedicated SOC
- What does a Dedicated SOC offer? A Dedicated SOC is a service offering that allows an MSP to have access to an exclusive, dedicated network of experienced security analysts to supplement or scale their existing teams. In this model, security experts are trained to work within your organization’s existing processes and suite of security tools. Working hours can also be fully customized based on your needs.
- Who’s it suitable for? Dedicated SOCs are best suited for MSPs who have existing security products and teams but are struggling to cover 24/7 shifts, or for those who want to scale their existing security operations to meet customer demand. Dedicated teams are also the perfect option for MSPs who want to retain control and transparency over their security operations.
- Time to market: As Dedicated SOC teams operate within your existing framework, it can take 1-2 months to integrate and launch.
"One of the biggest challenges I face in growing my security business is ensuring that we have the right analyst team to scale with our customers. Bolton Labs is an integral part of our talent strategy - I have been able to build out an extension of my SOC rapidly and easily. As a result, our security business is growing faster than we originally planned."
- Tom Neclerio, Vice President of Security Services at United Data Technologies
Over to you
The next generation of SOC offerings deliver a range of benefits that can be tailored to best suit your business needs. Whether you’re looking for SOC-as-a-Service under a managed or dedicated model, Bolton Labs offers the right solution to support and scale your SOC operations; get in touch today.