In a previous post we discussed Managed Detection and Response (MDR). Today we’re going to discuss the natural next step. As stated in that post, what good is the world’s best alarm system if no one is monitoring it? We will discuss and dispel some common misconceptions, cover the evolution of these services and of the threat landscape, and explain what it ultimately means for you and your business.
The first misconception we need to discuss is that your IT team, whether in-house or a contracted MSP, is providing SOC services for you. They’re not, unless you have a dedicated and qualified security team. Most MSPs and most in-house IT teams simply aren’t qualified for the task of truly providing comprehensive security services. They will promote security posture and hygiene, but that’s not the same thing.
Every field has general practitioners and specialists, and IT is no different. If you take your car to a local mechanic for transmission work, a rotary engine or other specialty item, they will likely tell you to take it to a shop that specializes in those items. In much the same way, your primary care physician will refer you to an oncologist for possible cancer screening, review or treatment, or to an ENT for inner ear issues. They all have a very wide foundation of knowledge and experience, but know that for specific tasks, specialization is required.
Cybersecurity is one of those specializations within the IT world. Systems administrators and network engineers can provide some value in basic security hygiene, but they are not qualified cybersecurity experts.
The second misconception to tackle is “My business doesn’t need that kind of security”. Unfortunately, that’s no longer the case. It used to be that these services were primarily needed by financial institutions, government agencies, those manufacturing items for the US Department of Defense, etc. Modern cyber criminals are casting much wider nets, which became even more true with the advent of ransomware.
Now even a small business with a $500,000 insurance policy becomes a worthy target. What’s even worse is that they’re not targeting you specifically; they’re just sending out massive phishing campaigns hoping to sweep up as many companies as possible, since getting a ransom paid out is just a numbers game. Someone will pay; the attackers just have to catch enough companies to hit the jackpot.
It is for this reason that cybersecurity and cyberbreach insurance policies are specifically asking whether companies have real-time SOC services monitoring their cybersecurity, and policies are often dropped or premiums significantly increased when the answer is “no”. As the cyber wars escalate, SOC services are going to become the baseline expectation, the same way that antivirus software is today.
The final misconception that we’ll discuss is “I can’t afford SOC services”. Fortunately, like most things, SOC services are subject to economies of scale. What was once a very niche product in very select industries has become mainstream, which means more vendors want to get into that space to provide services. Due to supply and demand as well as competition, prices have plummeted and become affordable for nearly all businesses in most industries.
Radcomp has partnered with industry-leading security providers because we are humble enough to know that for something as critical as cybersecurity, our customers need true specialists, not hubris from their IT provider. Remember, security is all about layers. One of the most important layers is the team that responds to an event in near real-time, can provide clear root cause analysis (RCA), and can certify that the entire scope of the compromise is known and dealt with.