SOC as a Service (SOCaaS)

An elite team of experts ready to detect and respond

What is SOC as a Service?

SOC as a Service is an offering from a cybersecurity company that typically acts as a customer's entire security operations center (SOC). Due to extenuating circumstances, such as a talent shortage or the fact that a business may be in startup or mid-life mode without the resources to properly secure its network, SOC as a Service (SOCaaS) can act as that organization's tactical console from which it can track security alerts, defend against cyberattacks, and improve its overall security posture.

According to IDC, organizations can outsource a set of security functions to a SOC team, including SIEM, vulnerability management, endpoint security, and other detection and response tools. A customer organization can also sign up for the entire menu of services. Delivered as a cloud service, operations occur offsite and are hosted in the cloud. A few real-world outcomes that SOCaaS providers look to deliver on behalf of a customer are:

  • Remediate cyber threats on behalf of the customer
  • Enable the customer to determine which services are relevant to them
  • Streamline data ingestion and analysis from the customer's network
  • Translate processes and outcomes into relatable language that can be leveraged and understood by almost any stakeholder

With that in mind, it's also important for a business or security organization to conduct a thorough analysis of its current security program, identifying its strengths and weaknesses and any practice areas it may not previously have addressed. This will help narrow the focus and turn the SOCaaS vendor search into a set of criteria unique to the customer.

Benefits of SOC as a Service (SOCaaS)

Perhaps the biggest benefit of engaging a service provider to take on a particular area of security concern is that the customer no longer has to worry about that area. Because SOCaaS encompasses many areas, as noted above, let's look at some specific benefits:

Faster detection and remediation

If a team is slow to react when an anomaly is detected, chances are its prioritized personnel are being dispatched in different directions. A SOCaaS provider will dispatch analysts dedicated to responding to cyber threats and vulnerabilities and to taking them down or remediating them. For an in-house SOC, rapid context switching from one situation to another can be a real time-waster, whereas a team dedicated to detection, response, and remediation will be able to move more quickly.

Access to specialized security expertise

SOC analysts must cover the gamut of specialties and respond quickly on behalf of customers. SOCaaS vendors should be able to provide access to analysts who can address endpoint containment, threat hunting, malware analysis and containment, distributed alerting and escalation pathways, and much more. Understanding a SOC's people, technology, and pathways can aid in the search for a trusted vendor.

Enhanced maturity

The benefit of an accelerated evolution of a customer's security program can't be overstated. A SOC faces a threat, or many threats, every day. It's great to have the budget to address immaturity in a security program, but without a strategic in-house talent acquisition plan, it may be more efficient to shift that focus to finding the right SOCaaS partner.

Lower cost than an on-premises SOC

Speaking of talent acquisition, building a SOC from the ground up can come with many more costs than engaging a managed services partner. There are the obvious start-up costs of sourcing the right technology and personnel, and there's also the specter of churn once you have those people and operational processes in place. Around 71% of SOC analysts report feeling burned out at work, and the risk is especially acute when a team totals only around seven people who carry the weight of the company's security on their shoulders.

SOC as a Service roles and responsibilities

Even when a company or small security organization has decided to begin the search for a SOCaaS vendor, it's still critical to know the roles and responsibilities of the analysts and staff in that SOC. After all, they are the people protecting your environment and your reputation.

SOC Manager

This person oversees the SOC and is responsible for directly managing a security team of several people. The SOC manager role involves developing an overall security strategy for the company: creating a vision for hiring, building processes, and developing the technology stack. This person should be able to provide both technical guidance and managerial oversight.

Tier 1 Security Analyst - Triage

Analysts in the vendor SOC process and triage incoming alerts. During that investigation, they determine where in the patch or remediation queue each alert should fall. For an in-house security organization, alerts can consume a great deal of time, and having a team to manage and automate the triage process can significantly lighten the daily load on those internal teams.

Tier 2 Security Analyst - Incident Responder

This type of analyst typically receives alerts escalated by their Tier 1 counterparts. If an alert appears in this person's queue, it means it has been determined to be genuine and should be prioritized for response. Deeper investigation of the alert, identifying the affected systems, and developing a response and/or remediation plan are the key responsibilities of this role.

Tier 3 Security Analyst - Threat Hunter

At this stage of the process, the hunt begins. If an incident is determined to be of a more serious nature, a threat hunter will look at how an attacker or threat was able to get past the initial security checks. Threat hunting enables security analysts to proactively examine a customer's network, endpoints, and security technology to look for threats or attackers that may be lurking as yet undetected.

Security Architect

Architects are typically responsible for designing security architecture, engineering security systems, and implementing those systems. They should also be able to document requirements, procedures, and protocols for the architectures and systems they create. Additionally, they weigh in on key regulatory and compliance requirements on behalf of their SOCaaS clients.

Challenges of SOC as a Service

A SOC is the control center of a company's cybersecurity operations, so a number of complex operations take place there. Some aspects are automated and some are manual. A customer organization searching for the right partner is about to outsource some, or all, of those operations. Let's take a look at some of the challenges of SOCaaS as a business decides to put its digital trust into the hands of an outside team.

Onboarding process

A vulnerable phase follows any engagement with a SOCaaS provider. That is, the provider must configure its technology stack to work within the new customer's environment, and the client must ready its network for the deployment of monitoring by the new provider. Testing and implementation of a template for gathering and acting upon insights follows during the next phase of the ramp-up period.

Enterprise data security

Securing a customer's network is one thing, but ensuring that data is secure on the SOCaaS provider's side is another thing entirely. Therefore, it's critical for a customer to do their research to find a provider whose own defenses are fortified enough to protect the enterprise data of all of its clients. This essentially becomes a supply chain question, and all the factors that such an approach entails should be taken into account.

Log delivery costs

Full access to, and autonomy over, a provider's operations as they concern a specific customer can be expensive for that customer. While the underlying information is technically generated by the customer's network, the operations and actions taken on it by the SOCaaS provider are the provider's own. With that in mind, it's clear why gaining full access to log data can be pricey for a security organization.

Regulatory considerations

Perhaps one of the most critical considerations is regulatory standards and remaining in compliance when handing over the keys to any part of a security organization's operations. A large part of staying in compliance is communication and reporting, both inside the company and out. Company executives will need continuous reporting to demonstrate good standing on compliance to certain regulatory bodies. It's key to know whether the SOCaaS provider handles compliance itself or outsources the practice to a third-party provider.

Read more about SOCs

Compare MDR vendors

Learn more about Rapid7's managed SOC services
