Selling Security Operations Center (SOC) Services: 3 Critical Factors MSPs Must Consider

SolarWinds MSP VP Tim Brown
SolarWinds MSP VP Tim Brown

It doesn’t take much research to discover that the security landscape is getting more complicated every day, and the stakes are getting higher for your customers. In 2017, the term WannaCry became a household name after the ransomware took down 200,000 computer systems from Russia to China to the UK and the US. Victims included hospitals, banks, telecommunications companies, and warehouses. The Equifax breach also dominated headlines, revealing cybercriminals had stolen sensitive personal information of 147.9 million people.

Many MSPs recognize their customers need more sophisticated protection than basic antivirus and spam-filtering software can provide. One of the challenges with delivering multilayered, best-of-breed security protection, however, is that it becomes difficult to manage all the security data from disparate systems, platforms, and applications.

One of the best solutions to your customer’s growing information security challenges is a SOC (security operation center), which is a dedicated resource that’s solely focused on keeping the bad guys away from your customers’ sensitive data and mission-critical business systems. Before offering SOC services, however, MSPs have a few pros and cons to consider.

1. SOC Services Give MSPs a Security Advantage

One of the realities of living in the digital era is that information—and malware—travels fast. Most of the damage caused by the WannaCry outbreak mentioned earlier, which affected systems in 150 countries, all took place within a 24-hour period. When it comes to ransomware and other targeted threats, such as DDoS (distributed denial of service) attacks, every second counts in identifying and shutting down the threat or at least minimizing its effects.

Some of the most prominent advantages MSPs gain by implementing SOCs—and becoming MSSPs (managed security services providers)—include 24/7, real-time monitoring and management of aggregated system logs and data, along with coordinated response and remediation. Besides being able to detect network threats more quickly, SOCs can reduce the number of false positives, offering more accurate reporting to executives, auditors, and security staff. SOC reports also highlight the services happening behind the scenes to keep the customer safe, and they justify the ongoing cost of security services. Additionally, SOCs provide post-incident analysis, such as security forensics and investigation services, to help companies identify the cause of a breach, learn from it, and take appropriate measures to prevent future occurrences.

2. Most Service Providers Can’t Afford to Build and Staff a SOC

Although the basic premise of a SOC is similar to an NOC (network operation center), which entails viewing screens displaying customers’ monitored devices, networks, and software, the differences between the two environments are significant too. For starters, a NOC technician can’t simultaneously fill the role of a SOC analyst, which means the MSP has to add staff (some experts say a minimum of ten full-time engineers and a chief information security officer to manage the engineers), which itself is a multimillion-dollar investment. If a cybersecurity startup’s recent announcement that it raised $125 million to build out its managed security services and SOC is any indication, launching a SOC isn’t a viable option for most MSPs.

3. An Outsourced SOC is a Viable Option, Too

The whole building vs outsourcing SOC is reminiscent of the earlier days of the cloud when MSPs were debating whether to build their own data centers and invest in IT infrastructure, or partner with a public cloud provider such as Amazon or Microsoft. In hindsight, we know  those who made the latter decision fared much better than those who opted to build their own data centers. The fact that most MSPs are already struggling to find cybersecurity talent could be a blessing in disguise for those who would otherwise choose to build a SOC.

For MSPs who choose the outsourced SOC option, it’s critical to partner closely with the SOC service provider, so they can better understand your customer’s environment. Without developing this contextual awareness, SOC service providers cannot effectively manage security and reduce false positives.

Like any outsourcing decision, due diligence is required to ensure the potential partner’s business model, financial stability, customer base, and past performance record are all in alignment with the service provider’s business model. It’s also critical that the SOC service provider is willing to work very closely with the MSP to understand each customer’s environment and remediate security concerns. Without contextual awareness of a situation, the SOC provider cannot efficiently manage security and mitigate false positives.

Final Thoughts on Assessing a Customer’s Need for SOC Services

So, if SOC services are such a great resource, why doesn’t everyone use one? The reality is not every customer needs one. Keep in mind, with SOC services, it’s not primarily a question of security, but of risk. To determine whether a customer is a SOC services candidate, consider these three qualifying questions:

  1. How much business risk does the customer face from a security breach?
  2. How valuable is their data to a cyberadversary?
  3. Can the customer afford SOC services, or is it more appropriate for them to have the necessary security controls and accept the risk?

Will utilizing a SOC service reduce a customer’s risk? In most cases, yes. And, knowing that cyber- threats only continue to grow in importance—combined with the fact that SMBs are increasingly targeted by cybercriminals who view them as low-hanging fruit—it just makes sense for MSPs to take the lead in offering advanced security services. Even if an MSP has to outsource the service to a third-party SOC provider, it can still make money on the services while endearing itself further as its customer’s trusted business advisor.

Tim Brown is VP, security architect, SolarWinds MSP. Read more SolarWinds MSP blogs here.