How is SOC as a Service Different from Managed Antivirus?

Cybersecurity technology and products are constantly evolving to keep up with a changing threat landscape. Managed Service Providers (MSPs) are essential to providing the best possible protection for customers, covering both their endpoints and their cloud applications. It is important to be able to explain to customers how Security Operations Center (SOC) as a service differs from a managed antivirus product.

Todd Thiemann, Director of Product Marketing at Arctic Wolf Networks, explains the difference between the two services. "SOCs provide organizations with the capabilities they need to monitor threats and respond to security incidents, including a category that Gartner calls managed detection and response. SOC as a Service is a managed service that monitors all security telemetry for threats, including networks, endpoints and clouds (IaaS and SaaS)."

While SOC as a Service monitors the entire network as well as cloud and on-premises endpoints, a managed antivirus service typically monitors only the endpoint security product of a single vendor. Managed antivirus is also not the same thing as managed endpoint detection and response.

He adds that Security Operations Center as a service is independent of any particular security protection tool. "Managed antivirus generally targets only antivirus products from a single vendor, but SOC as a service can ingest security telemetry from any security solution that can send log data," he says. "SOC as a Service also often captures key endpoint detection and response telemetry, as well as log data from antivirus tools."

SOC threat detection

According to Thiemann, NIST's Cybersecurity Framework is built around five functions:

• Protect
• Detect
• Respond
• Recover
• Identify

"SOC as a Service monitors the threats that get past a company's protection layer," he says. "In addition to protecting the environment, we also need to monitor the threats that inevitably get in. While we focus on detection and response, that work can also be leveraged to help companies reduce their attack surface, and it helps protect them by identifying potential vulnerabilities." Arctic Wolf covers the "Protect" part of a customer's cybersecurity plan through vulnerability assessment and vulnerability management.

Where managed antivirus or managed endpoint detection and response (MEDR) sees only one dimension (the endpoint), SOC as a service monitors multiple dimensions and correlates between them. By capturing security telemetry from every part of an organization's systems and enriching it with threat intelligence, it can sift through that data to find malicious activity. "We have detected suspicious logins in Office 365 and other cloud solutions that could allow an attacker to compromise an endpoint," he says.

When SOC as a Service detects a threat, it notifies the end user with the context needed to remediate it. "And SOC as a service avoids flooding users with false positive alerts that they cannot act on," says Thiemann.
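The two paragraphs above describe the core of what distinguishes a SOC service from a single-vendor managed antivirus: telemetry from more than one dimension (here, Office 365 sign-ins and endpoint EDR alerts), enriched with threat intelligence, correlated per user, and turned into an alert that carries context and suppresses noise. The following is an added illustration written for this page, not code from Arctic Wolf or any product; the sign-in records, EDR alerts, indicator list, home-country baseline and two-hour correlation window are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# --- Constructed sample telemetry (not real data): two sources, two schemas ---
O365_SIGNINS = [
    {"ts": "2024-03-05T08:02:11Z", "user": "alice", "ip": "203.0.113.7",  "country": "DE", "result": "Success"},
    {"ts": "2024-03-05T08:05:40Z", "user": "alice", "ip": "203.0.113.7",  "country": "DE", "result": "Success"},
    {"ts": "2024-03-05T09:15:03Z", "user": "bob",   "ip": "198.51.100.9", "country": "US", "result": "Success"},
    {"ts": "2024-03-05T09:40:27Z", "user": "carol", "ip": "192.0.2.55",   "country": "US", "result": "Failure"},
]
EDR_ALERTS = [
    {"ts": "2024-03-05T08:31:55Z", "host": "LT-ALICE", "user": "alice", "rule": "suspicious_powershell", "blocked": False},
    {"ts": "2024-03-05T10:02:10Z", "host": "LT-DAVE",  "user": "dave",  "rule": "eicar_test_file",      "blocked": True},
]
THREAT_INTEL_IPS = {"203.0.113.7"}   # constructed indicator list standing in for a TI feed
HOME_COUNTRY = "US"                  # assumed baseline sign-in country for this tenant
WINDOW = timedelta(hours=2)          # assumed max gap between a suspicious login and an endpoint alert


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def normalize(o365, edr):
    """Map both source schemas onto one event shape keyed by user and time."""
    events = []
    for e in o365:
        events.append({"ts": parse_ts(e["ts"]), "source": "o365", "user": e["user"],
                       "ip": e["ip"], "country": e["country"], "success": e["result"] == "Success"})
    for e in edr:
        events.append({"ts": parse_ts(e["ts"]), "source": "edr", "user": e["user"],
                       "host": e["host"], "rule": e["rule"], "blocked": e["blocked"]})
    return sorted(events, key=lambda e: e["ts"])


def is_suspicious_login(e, intel):
    """Enrichment step: a successful cloud sign-in from a TI-listed IP or from outside the baseline country."""
    return e["source"] == "o365" and e["success"] and (e["ip"] in intel or e["country"] != HOME_COUNTRY)


def correlate(events, intel=THREAT_INTEL_IPS, window=WINDOW):
    """Correlate cloud and endpoint telemetry per user and emit findings with context."""
    by_user = defaultdict(list)
    for e in events:
        by_user[e["user"]].append(e)

    findings = []
    for user in sorted(by_user):
        evs = by_user[user]
        logins = [e for e in evs if is_suspicious_login(e, intel)]
        alerts = [e for e in evs if e["source"] == "edr"]
        live = [a for a in alerts if not a["blocked"]]
        # An unblocked endpoint alert that follows a suspicious sign-in within the window
        chained = [a for a in live if any(timedelta(0) <= a["ts"] - l["ts"] <= window for l in logins)]

        if chained:
            sev, why = "high", "suspicious cloud sign-in followed by endpoint activity"
        elif logins:
            sev, why = "medium", "suspicious cloud sign-in, no endpoint corroboration yet"
        elif live:
            sev, why = "medium", "endpoint alert with no cloud context"
        elif alerts:
            # The AV/EDR tool already blocked it: keep the record, but do not page anyone
            sev, why = "informational", "endpoint alert already blocked by the AV/EDR tool; not escalated"
        else:
            continue  # nothing suspicious for this user

        findings.append({
            "user": user, "severity": sev, "reason": why,
            "context": {
                "login_ips": sorted({l["ip"] for l in logins}),
                "login_countries": sorted({l["country"] for l in logins}),
                "hosts": sorted({a["host"] for a in alerts}),
                "rules": sorted({a["rule"] for a in alerts}),
            },
        })
    return findings


def run():
    return correlate(normalize(O365_SIGNINS, EDR_ALERTS))


if __name__ == "__main__":
    for f in run():
        print(f["severity"].upper(), f["user"], "-", f["reason"], f["context"])
```

On the constructed data, only "alice" produces a high-severity finding, because her out-of-country sign-in from a TI-listed address is followed within the window by an unblocked endpoint alert on her laptop; a single-vendor antivirus feed would have seen only the PowerShell alert and none of the cloud context. "dave" yields an informational record rather than an alert, since the endpoint tool already blocked the file, which is the kind of noise reduction the text refers to.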

Businesses are moving to SOC as a service

According to Thiemann, MSPs should be aware that the market for Security Operations Center as a service is very active. "Clients understand that a managed service is preferable to buying a set of tools and struggling to find the rare talent needed to operate them."

Large companies may run their own SOC, but small and medium-sized companies are looking for outsourced solutions. "Customers are looking for security tools that are independent of any one vendor, in case they want to move between vendors, and for a solution that provides coverage in multiple dimensions, including network, endpoint and cloud. They may also need to meet cybersecurity compliance obligations, such as PCI DSS and HIPAA, that require monitoring and log retention."