The days when a managed service provider’s (MSP) role was just to provide support services are long gone. As cyber-threats continue to evolve, MSPs are moving beyond the call desk and becoming security specialists themselves. The cybersecurity industry is a dynamic space and an increasingly important one for MSPs to be involved in. This is especially true as more businesses outsource their security requirements to managed security service providers (MSSPs).
The increasing maturity of the IT industry has a direct impact on MSPs as well as their customers. MSPs face lower margins in the space due to increased commodification and competition. MSPs, particularly those specializing in IT automation services, are therefore exploring opportunities to add security automation to their existing IT automation portfolio. This will allow them to charge a premium for high-value services, differentiate themselves from the competition, and scale their own businesses.
The global managed security services market size is expected to grow from USD 27.7 billion in 2020 to USD 64.73 billion by 2026, at a compound annual growth rate (CAGR) of 15.1% during the forecast period. The major growth drivers for the market include rising cyberattacks and data breaches and a global lack of cybersecurity talent.
To build an in-house SOC, you need a breadth of people with a variety of skills and experience, including endpoint, network, and cloud security. You also need people with specialized experience in incident response and forensics. Most large enterprises lack the time and resources needed to build a world-class SOC—especially one that can respond effectively to advanced persistent threats (APTs) or complex targeted attacks. They are turning to MSSPs to fill the gap.
MSSPs bring the necessary breadth of expertise in cybersecurity along with the ability to scale up quickly when needed. With an MSSP, enterprises don’t have to worry about hiring, training, and retaining employees for every position necessary for a SOC, from the security analyst to the virtual CISO.
While the growth of MSSPs is undoubtedly a good direction, there are certain challenges that MSPs looking to move into the MSSP space will face. How can they offer security automation if they don’t have the required skills and expertise? Most MSPs don’t have the expertise to build reliable detection rules or create effective playbooks.
MSPs who want to add security services need to build out a SOC and hire security analysts to monitor client networks 24/7, 365 days a year. But that can be very expensive—as you would need to hire enough security analysts to work in shifts and ensure that each shift is run efficiently so that nothing falls through the cracks.
You could be looking at hiring at least 10 full-time security analysts for your first year alone, which could cost around USD 1 million per year (based on the average salary of a security analyst in the United States).
The MSSP landscape is quite diverse. Services offered range from 24/7 event monitoring and response, threat intelligence, penetration testing, vulnerability assessments, and SOCaaS (Security Operations Center as a Service), to name a few. As an MSP starting out, it’s more than likely that you will have to partner with an MSSP to provide advanced services that cannot be delivered in-house.
The MSSP space is going through disruption of its own, as Tier 1 work gets increasingly automated. The managed detection and response (MDR) model enables outsourced teams to provide higher-value Tier 2 and above services like threat hunting, forensics, and incident management. A 2021 study by MSSPAlert finds that 91% of MSSPs offer MDR services, making it table stakes in today’s market. D3’s next-generation SOAR platform can help MSPs provide MDR-style functionality to SOC teams, enabling them to match MDR offerings from competitors.
D3’s multi-tenancy features help MSSPs manage customers at scale. Our integrations with over 500 security vendors help you work with pretty much any client, no matter what their security stack. Plus, our API-based architecture makes it easy to add new integrations. As one of our customers told us, “Using D3 SOAR as a layer of abstraction frees up our analysts having to know the ins and outs of different SIEMs, EDRs, firewalls, and other security tools. It ensures that our services can scale without a corresponding increase in staff.” There are many other compelling reasons to choose D3’s SOAR platform in your SOC, from codeless playbooks that significantly reduce the need for in-house Python experts, to our extensive case management and reporting features.
D3’s SOAR platform can automate and orchestrate threat detection, incident response, and management across your network, cloud, and endpoint environments, no matter what vendor’s solutions you use. It enables you to automate repetitive tasks, such as alert triage, risk assessment, and correlation. It gives the SOC team the freedom and ability to focus on more complex issues while reducing the chance of human error. And it gives you the superpower to become an MSSP.
For MSPs looking to become MSSPs, this is a webinar you do not want to miss. D3’s Stan Engelbrecht will be joined by our channel partners Francis O’Haire from DataSolutions, Mike Smith from Solarnet Communications Ltd, and Stephen Sampana, security ops specialist. This panel of cybersecurity experts will share their expertise, highlight the business benefits of SOAR, and share customer success stories of MSPs that successfully made the transition to becoming an MSSP. There will be an interactive Q&A session as well, where you can pick their brains. Sign up for the webinar here.
Date: May 10, 2022
Time: 1:00 PM BST
Do you want to see D3 in action? Join us for a 25-minute deep-dive demo and see how our award-winning Security Orchestration, Automation, and Response (SOAR) platform helps security teams accelerate incident response, scale processes, and learn from every incident.