5 top SOC-as-a-service providers and how to evaluate them

<p>SOC as a service, or <i>SOCaaS</i>, is a type of managed security service provider focused on delivering security operations center services. It differs from a managed SOC by virtue of requiring little or no installation of outsourcer systems or staff within the enterprise environment beyond endpoint agents for provider-hosted extended detection and response (<a href="https://www.techtarget.com/searchsecurity/definition/extended-detection-and-response-XDR">XDR</a>).</p>
<p>Some SOCaaS offerings go beyond monitoring and initial response. They might engage in deeper layers of <a href="https://www.techtarget.com/searchsecurity/definition/incident-response">incident response</a>, even to final resolution. They could perform vulnerability assessments and security auditing. They typically do not engage in red team pen testing, security awareness training, cybersecurity architecture or cybersecurity policy development.</p>
<section class="section main-article-chapter" data-menu-title="Key capabilities and features to look for">
<h2 class="section-title"><i class="icon" data-icon="1"></i>Key capabilities and features to look for</h2>
<p>When evaluating SOCaaS providers, consider the following key capabilities:</p>
<ul class="default-list">
<li><b>Platforms, tools, partners and integrations.</b> Which platform does the SOCaaS run on to deliver its services? Does it have its own infrastructure, or is it built on an IaaS platform such as AWS or Google Cloud? Does it use cybersecurity tools from a specific provider, such as CrowdStrike or SentinelOne, or offer a portfolio of options? Does it allow customers to bring their own licenses? Organizations should look for tools and platforms at least as good as those they would provide for themselves and from vendors they find acceptable.</li>
<li><b>Intelligence.</b> The SOC service should include <a href="https://www.techtarget.com/searchsecurity/tip/Threat-intelligence-vs-threat-hunting-Better-together">threat intelligence and threat hunting</a> as part of overall cybersecurity posture management and environment monitoring.</li>
<li><b>Automation and scalability.</b> Look for providers that use automation broadly and deeply. This is especially crucial for first-response reactions to obvious attacks in progress. Also, demand active human-in-the-loop options. Be skeptical of a provider’s claims about AI-driven automation, most of which is so new that it would be unwise to trust it outside of low-impact automations or without skilled humans involved.</li>
<li><b>Industry expertise.</b> Seek providers with proven familiarity with the compliance regimes that apply to the customer's particular industry.</li>
<li><b>Scope and geography.</b> Look for a SOCaaS provider that operates its services out of data centers (its own or cloud), operations centers or other points of presence that can deliver reliable, performant, resilient and compliant services. Seek providers familiar with compliance requirements that apply based on where a company operates and who it serves, such as <a href="https://www.techtarget.com/whatis/definition/General-Data-Protection-Regulation-GDPR">GDPR</a>.</li>
</ul>
</section>
<section class="section main-article-chapter" data-menu-title="SOCaaS vendors to consider">
<h2 class="section-title"><i class="icon" data-icon="1"></i>SOCaaS vendors to consider</h2>
<p>The following are five leading SOCaaS vendors to evaluate.</p>
<h3>Arctic Wolf</h3>
<p>Being 100% channel-based, Arctic Wolf sells its platform and services to organizations exclusively through its partner MSSPs.</p>
<p><b>Platforms, tools, partners and integrations:</b> The Aurora Platform is a cloud-native XDR product. Designed to be vendor-agnostic, it integrates with more than 200 major and niche security tools. In most cases, customers can integrate some or all of their existing security stacks.</p>
<p><b>Intelligence:</b> Its threat intelligence service processes trillions of security events weekly, collected from thousands of customer organizations.</p>
<p><b>Automation and scalability:</b> Arctic Wolf leans heavily on machine learning and AI, including an AI security assistant developed with Anthropic, to automate threat detection, triage and analysis, with the goal of <a href="https://www.techtarget.com/searchsecurity/tip/How-to-reduce-false-positive-alerts-and-increase-cybersecurity">keeping false positives from reaching human staff</a>.</p>
<p><b>Industry expertise:</b> The vendor claims expertise in several industries, including fin

[…]
Content was cut in order to protect the source. Please visit the source for the rest of the article.

This article has been indexed from Search Security Resources and Information from TechTarget
