What factors should MSPs and MSSPs consider when choosing between MDR and SOCaaS?
MSPs and MSSPs should consider several factors when choosing between MDR and SOCaaS, including their clients’ specific cybersecurity needs, the level of expertise and resources required to provide effective cybersecurity services, and the cost-effectiveness of each option. Ultimately, the decision will depend on the specific needs and goals of each MSP or MSSP client.
What are the benefits of SOCaaS over MDR for MSP and MSSP companies?
SOCaaS offers several benefits over MDR for MSP and MSSP companies, including:
- Scalability: SOCaaS allows MSPs and MSSPs to scale their cybersecurity services as their clients’ needs grow, without requiring additional investment in personnel or infrastructure.
- Flexibility: SOCaaS providers can offer customized cybersecurity solutions to meet the specific needs of each MSP or MSSP client, rather than providing a one-size-fits-all approach.
- Comprehensive Security: SOCaaS offers a comprehensive approach to cybersecurity, providing both real-time threat detection and response, as well as ongoing security advisory and guidance to help MSP and MSSP clients stay ahead of emerging threats.
- Cost-Effective: SOCaaS can be a cost-effective alternative to MDR for MSPs and MSSPs, particularly for smaller or mid-sized clients that may not require the same level of resources or expertise as larger organizations.
What is MDR?
MDR (Managed Detection and Response) is a cybersecurity service that provides continuous monitoring and detection of cyber threats. MDR providers use a combination of technology and human expertise to detect and respond to threats in real time.
What level of support can I expect from a SOCaaS provider?
The level of support provided by a SOCaaS provider will vary depending on the specific service being offered and the level of service selected by the client. However, most providers offer 24/7 monitoring and support, as well as access to expert security analysts and incident response teams.
What certifications should I look for in a SOCaaS provider?
When selecting a SOCaaS provider, it is important to look for certifications such as SOC 2, ISO 27001, and PCI DSS. These certifications indicate that the provider has implemented strong security controls and practices to protect client data and systems.
How is SOCaaS priced?
SOCaaS is typically priced based on the number of endpoints or devices being monitored, as well as the level of service required by the client. Pricing models may include monthly subscriptions or pay-per-use options, depending on the provider and the specific service being offered.
How does SOCaaS integrate with existing security tools?
SOCaaS can integrate with existing security tools through APIs and other integration points. This allows the service to collect and analyze security data from multiple sources, including firewalls, IDS/IPS systems, endpoint protection tools, and more.
What types of security threats does SOCaaS detect?
SOCaaS is designed to detect a wide range of security threats, including malware, ransomware, phishing attacks, data breaches, insider threats, and more. The service uses advanced threat intelligence and analytics tools to identify potential threats and respond to them in real time.
How does SOCaaS work?
SOCaaS works by collecting security data from client environments in real time. Expert security analysts then analyze this data using advanced tools and technologies to detect and respond to potential threats and incidents.
What are the benefits of SOCaaS?
SOCaaS offers several benefits to MSP and MSSP companies, including:
- Reduced infrastructure and operational costs
- Improved security posture for clients
- Access to expert security analysts and threat intelligence
- Scalability and flexibility to meet changing client needs
- 24/7 monitoring and management of security incidents
What is SOCaaS?
SOCaaS refers to Security Operations Center as a Service, which is a cloud-based service that provides round-the-clock monitoring and management of cybersecurity threats and incidents. SOCaaS is offered by MSP and MSSP companies to their clients to help them better manage their security posture and minimize their risk of cyber attacks.
What are the biggest current cybersecurity threats?
Wire transfer fraud and ransomware are two of the most serious dangers that businesses face.
Wire transfer fraud targets manual bank transfers used to move funds between entities. Attackers gain access to an organization’s email system and begin hunting for personnel involved in finance and payments.
Attackers can linger in email for months, waiting for a payment they can compromise. When the two entities exchange payment information through email, the attacker inserts a second email that makes it appear as if there was a transcription error and asks the recipient to kindly use the new account number (or the attacker takes the exchanged credentials and attacks the bank account directly).
The money is then diverted out of the fake destination before anyone notices. There are more variations of this attack, but this one highlights the importance of wire transfer verification that employs multiple techniques to prevent this type of theft.
Ransomware is a type of malicious software (malware) that encrypts data and vital system files, making systems and data unusable unless decryption is performed. Decryption is only feasible with a key that can only be obtained if the attacker is paid a ransom. These ransoms are paid in cryptocurrencies like Bitcoin and can cost anywhere from a few hundred dollars to millions of dollars.
The methods for attacking and infecting organizations have evolved to include sophisticated, difficult-to-distinguish emails (phishing) and the use of other malware to spread ransomware payloads, of which the Emotet virus is currently the most common. While attacks against home users are down, targeted attacks against companies and municipalities are sharply increasing.
These extortionists have evolved into sophisticated operations with help desks, round-the-clock technological support, and skilled negotiators. They try to encrypt at off-peak hours and target backup methods to make recovery difficult without paying the ransom — as a result, many organizations pay the ransom to recover their systems and data in days rather than weeks or months (or not at all). Because of the high expense of recovery, some ransomware-infected businesses have had to close their doors.
inSOC provides an Intrusion Detection option to ensure that MSPs and MSSPs can help customers stay ahead of ever-evolving cyber criminals.
Where does inSOC process data?
For customers in the UK, EU and anywhere outside of North America, we have a Data Processor in Paris, France. For customers within North America we have a US Data Processor in Dallas, Texas.
In what regions do you operate?
We currently service customers in the USA, Canada, UK, Ireland, EMEA, South East Asia and ANZ.
Do you sell direct to end users?
No. We only sell via our MSP and MSSP clients. We would never sell to the end client directly.
Do you offer a virtual sensor?
Yes. In the case of a virtual environment, we are able to deploy our Linux sensor to monitor traffic in place of the hardware appliance.
What is your SLA for an offline hardware sensor?
We alert on a powered down hardware sensor the same working day.
What is your SLA for stale or failed agents?
We report stale or misconfigured agents within 5 days of first alert. These alerts can often be mistriggered by another activity, therefore we work with our partners to eliminate any false positives.
What devices do you deploy an agent on?
We have agents in Windows and Linux format which are deployed on servers to monitor logs and critical workstations where necessary.
What does your API connector monitor?
Our API connector monitors cloud environments such as Office 365, AWS, Azure and Google Workspace (formerly G Suite). It also monitors for alerts such as failed logins, failed logins from foreign geographies, impossible travel distance, etc. A further outline can be found in the SOW provided.
Is your SIEM tool multi-tenant?
Yes. Our open-XDR based SIEM tool, Starlight by Stellar Cyber, shows all tenants within a single command centre, to which you will be given read-only access.
Can I easily scale from a small initial implementation to a large enterprise solution?
Yes. We have designed our packages in a way that allows you to begin at an accessible starting point, and then scale up effectively and efficiently. We can add additional sites as required through the deployment of a hardware sensor, and we will also ensure that each new site is taken through the same onboarding process as the original to align with the relevant NIST Cybersecurity Framework and CIS Critical Security Controls.
Do you offer a white label service?
Yes. Any inSOC package can either be white labeled or presented as your trusted security partner. inSOC’s name does not appear on our dashboards or the reports that we provide to you as the MSP or MSSP. We always provide reports directly to you and not your clients.
What is the alert SLA?
15 mins for security incidents. 30 mins for security events. 24 hours for security threats.
Do you provide API access?
Yes. We create API connectors for limited data sources, which can be developed as required.
Do you provide SYSLOG ingestion?
Yes. We provide SYSLOG forwarding with our One Stop SOC packages.
What is the typical time to deploy?
Our onboarding process is typically 30-45 days depending on the size and complexity of the client. This includes the installation of the hardware/software and the hardening and tuning of the environment to the relevant CIS Critical Security Controls.
How easy is deployment / simple client network configuration?
All hardware sensors are preconfigured by our team for each specific environment. Our onboarding team also holds weekly calls to complete the configurations directly with your team during the meeting. We have designed our packages to be as simple to deploy as possible, and this is backed by a dedicated team that supports your engineers with each installation.
Do you provide template guides for policies, procedures and configurations?
We provide guides for all installations and walk you through every step of the process on a weekly call, which can also be arranged more frequently if required.
Do you have multiple delivery centers operating 24/7/365?
Our SOC team operate 24/7/365 from a single delivery center. Our CISSPs operate both out of the service delivery center and also within specific geographic regions, to allow for compliance with our MSP and MSSP customers.
What is the standard log retention policy?
We have a 12-month log retention policy by default. However, if any customers need longer retention for compliance reasons, we can accommodate this on a case-by-case basis.
What is the first step I should take before selling cybersecurity?
An essential starting point in securing your own network and to assist you in selling cybersecurity services is a Security Maturity Level Assessment. This evaluation involves a gap analysis and risk assessment with the aim of identifying a Security Maturity Level, and is used as the basis of a complete cybersecurity strategy – for your client or for your own MSP/MSSP.
How can I ensure my own network is secure?
With MSP Protect, our not-for-resale, MSP-only security product. Based on our popular One Stop SOC Power package, you’ll get an open-XDR based next-gen SIEM, weekly vulnerability scanning, monthly risk reporting and 24/7/365 SOC service. Our team will get you onboarded and assist you in implementing the appropriate CIS Critical Security Controls.
Does inSOC offer white label cybersecurity?
Yes. All of our security resale packages are designed for you to offer as an MSP/MSSP under your own brand. They are fast to deploy, profitable to resell, and require no additional cybersecurity expertise.
How do I build a successful cybersecurity business?
Our two-stage MSSP Accelerator program is aimed at giving you all the tools and guidance you need to package, market and sell cybersecurity – and become a market leader with the option to achieve SSAE 19 certification.
Where do I begin reselling cybersecurity services?
Our Cybersecurity Services consultancy covers the foundations of cybersecurity such as Security Maturity Level Assessment, vCISO (Virtual Chief Information Security Officer) service, and achieving regulatory compliance. These are the starting points for your clients’ (and your own) network security.
I’m an MSP/MSSP – is inSOC for me?
Yes. We have designed inSOC and our cybersecurity packages for MSPs and MSSPs from the ground up. Whatever stage your MSP or MSSP is at, we have profitable, scalable and easy-to-onboard solutions for you.
What does inSOC do?
We provide a complete range of cybersecurity services designed specifically for resale by MSPs and MSSPs.
Our solutions include SOC as a Service, open-XDR based Threat Detection, Managed Detection & Response, Vulnerability Management, Intrusion Detection, and a range of scalable packages based on the NIST Cybersecurity Framework and CIS Critical Security Controls.
We also offer Incident Response, Security Maturity Assessments, Security Risk Assessments, vCISO services, Compliance, Governance and Privacy Consultancy, Penetration Testing and Security Awareness Training.