Managed Security

SIEM vs MSSP vs MDR vs SOCaaS

Understanding Managed Security Services

Managed security services come in a wide range of potential offerings. The available services can vary greatly from provider to provider, even if they are advertised as the same thing. Understanding what to expect from each type of service is essential to selecting a provider and a service that meets your organization’s needs.

The Types of Managed Security Services

When selecting a managed security provider, you may come across a wide variety of terms, including security information and event management (SIEM), managed security services provider (MSSP), Managed Detection and Response (MDR), and SOC-as-a-Service. Each of these terms can mean different things within the managed security field.

Security Information and Event Management (SIEM)

A SIEM system is designed to provide analysis of security alerts for a security team. This typically involves collecting data from multiple sources (e.g. the security devices deployed on your network) and correlating this data for human analysts. A SIEM system can be invaluable for incident detection and response, since correlating events across sources helps to differentiate false positives from real alerts.

A Managed SIEM service is primarily focused on operating the SIEM technology. These systems often require tuning and maintenance for their deployment environment, and this is performed by the Managed SIEM provider. However, the provider performs no security investigation; at best, it provides a feed of events and alerts for the customer's own team to investigate.
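To make the correlation idea concrete, here is an added example (not code from the original article or from any SIEM product) of a minimal correlation rule over two constructed feeds, a firewall log and an authentication log. Isolated failed logins are left alone, while a run of failures from one source followed by a success on the same host, with a matching firewall deny, is raised as one correlated alert; the field names, thresholds and window are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real data): "fw" is a firewall feed, "auth" an auth log.
EVENTS = [
    "2024-05-01T10:00:01 fw deny src=203.0.113.5 dst=10.0.0.7 port=22",
    "2024-05-01T10:00:12 auth fail user=admin src=203.0.113.5 host=10.0.0.7",
    "2024-05-01T10:00:15 auth fail user=admin src=203.0.113.5 host=10.0.0.7",
    "2024-05-01T10:00:19 auth fail user=root src=203.0.113.5 host=10.0.0.7",
    "2024-05-01T10:00:40 auth ok user=admin src=203.0.113.5 host=10.0.0.7",
    "2024-05-01T10:03:00 auth fail user=bob src=198.51.100.9 host=10.0.0.8",   # one typo, no alert
    "2024-05-01T10:30:00 auth fail user=carol src=192.0.2.4 host=10.0.0.9",
    "2024-05-01T10:31:00 auth fail user=carol src=192.0.2.4 host=10.0.0.9",
    "2024-05-01T10:32:00 auth ok user=carol src=192.0.2.4 host=10.0.0.9",     # below threshold
]

WINDOW = timedelta(minutes=5)   # assumed correlation window
FAIL_THRESHOLD = 3              # assumed number of failures that counts as a burst


def parse(line):
    """Turn one 'timestamp source action k=v ...' line into a dict."""
    ts, source, action, *kv = line.split()
    fields = dict(pair.split("=", 1) for pair in kv)
    return {"ts": datetime.fromisoformat(ts), "source": source, "action": action, **fields}


def correlate(lines):
    """Return one alert per successful login preceded, within WINDOW and from the same
    source IP, by >= FAIL_THRESHOLD auth failures on that host and a firewall deny."""
    events = sorted((parse(l) for l in lines), key=lambda e: e["ts"])
    by_src = defaultdict(list)
    for e in events:
        if "src" in e:
            by_src[e["src"]].append(e)
    alerts = []
    for src, evs in by_src.items():
        for i, e in enumerate(evs):
            if e["source"] != "auth" or e["action"] != "ok":
                continue
            window = [w for w in evs[:i] if e["ts"] - w["ts"] <= WINDOW]
            fails = [w for w in window
                     if w["source"] == "auth" and w["action"] == "fail" and w["host"] == e["host"]]
            denies = [w for w in window if w["source"] == "fw" and w["action"] == "deny"]
            if len(fails) >= FAIL_THRESHOLD and denies:
                alerts.append({"src": src, "host": e["host"], "user": e["user"],
                               "failures": len(fails), "at": e["ts"].isoformat()})
    return alerts
```

Run on the sample feeds, only the 203.0.113.5 sequence produces an alert; the single failure and the two-failure sequence are filtered out as noise an analyst would otherwise have to triage by hand.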

Managed Security Services Provider (MSSP)

Managed Security Services Providers (MSSPs) are the next step up from a Managed SIEM. An MSSP will monitor network security events and send alerts to their customer if any anomaly is detected.

However, an MSSP will perform no investigation into the alerts that they send. This means that an organization will receive false positives as well as actual alerts and will need to investigate and remediate any incidents in-house. The primary purpose of the MSSP is to alert their customer when something unusual is occurring on their network.

MSSPs are the predecessor of Managed Detection and Response. Some MSSPs have begun branding their products using MDR terminology without providing any investigative services, so it is important to verify a service provider's actual capabilities before making a selection.

Managed Detection and Response

Managed Detection and Response (MDR) adds investigative capabilities to a security services provider. An MDR provider will investigate alerts, eliminate false positives, and aid the organization to respond to any identified threats. Some MDR providers include remediation services to help their customers recover from an incident.

Endpoint Detection and Response (EDR) is a subset of MDR focused on monitoring and securing endpoints within an organization’s network. EDR services primarily consist of matching security events against patterns of known malware and quarantining devices as needed. Often, the in-house security staff is responsible for remediation of the endpoints and bringing them back online.

SOC-as-a-Service

SOC-as-a-Service is a term that does not have a well-defined meaning within the industry. In most instances, a SOC-as-a-Service provider acts as a full-function 24/7 Security Operations Center (SOC), providing services similar to that of an MDR provider.

However, this is not always the case. Before taking advantage of a SOC-as-a-Service offering, it is important to ensure that the services provided match your organization’s requirements.

Choosing the Right Security Service Provider

The choice between service providers boils down to an organization’s particular security needs. Some important considerations include:

  • Type of data processed: Organizations processing highly sensitive and regulated data may require the rapid incident response capabilities provided by MDR.
  • In-house capabilities: An organization wishing to scale its in-house SOC may only require an MSSP for alert prioritization, while an organization with no in-house security capabilities may require the incident response offerings of an MDR provider.
  • Regulatory compliance: Different regulations require different levels of security monitoring and reporting, which may dictate the use of a certain level of a service provider.

Based on these considerations, it should be possible to determine the type of managed security services provider that your organization requires. The next step is to evaluate potential providers and determine if their services can meet your organization’s unique needs.


Ron Samson
