These new cloud services seek to help companies figure out what their traditional SIEM alerts mean, plus how they can prioritize responses and improve their security operations.
At the RSA Conference in San Francisco last month, several vendors were on hand touting security operations center (SOC)-as-a-service.
But Anton Chuvakin, distinguished vice president and analyst at Gartner, summarily dismisses the term as vendor hype. He says he was first intrigued when pointed to the websites of several companies that market SOC-as-a-service. So Chuvakin took an informal poll of Gartner security analysts and found each thought SOC-as-a-service was either vendor hype or another way of positioning a managed security service provider (MSSP) or managed detection and response (MDR) services.
“My mini-research here on SOC-as-a-service confirmed what I told you: There is no such well-defined technology or market,” Chuvakin says.
Interestingly, the vendors offering SOC-as-a-service all made the same argument: traditional security information and event management (SIEM) systems generate too much noise, and companies are left to work out what all of the alerts mean. They added that the industry needs to do more to help enterprises interpret those alerts, prioritize what to focus on, and build a plan to improve over time.
Christina Richmond, a principal analyst at the Enterprise Strategy Group, says she has seen two types of companies offering SOC-as-a-service. The first uses a SaaS-based, usually multitenant, approach that focuses on monitoring and alerting in a cloud environment. The second is a consulting-based company that builds a SOC on behalf of the client and then runs it. Richmond sees the SaaS-based model as the one that has caught on in the market.
“I do think this is a niche and a ‘feature’ of the [MSSP] market, but I wouldn’t call it a buzzword,” …
Author: Steve Zurier, Freelance Writer