What is SOCaaS?
SOCaaS, or SOC as a Service, is the framing and delivery of a security operations center service in the spirit of SaaS, the trend of providing services using cloud-hosted software and applications.
In SaaS, the service is stripped down to its pure value add — customers are spared the liability of installing software on hardware, compatibility issues, dealing with versions and upgrading, and management of physical assets.
The customer simply consumes the pure service that the software provides. Data archival, backup, performance tuning — all non-concerns for the customer.
novaSOC has adopted this model to provide the pure service experience of a Security Operations Center without the normal overhead and setup required in traditional managed services arrangements.
In essence, SOCaaS refers to the “SaaSifying” of a SOC. SaaS is hosted software and a SOC is software + people + process. This comparison accurately describes the ease and convenience afforded to customers.
Few, if any, other solutions exist that provide real SOC services, which generally consist of security monitoring using a SIEM. SIEM, or Security Information and Event Management, is mostly log-based monitoring. novaSOC exceeds this by using several additional sources of data beyond just logs.
How does SOCaaS compare to other solutions?
novaSOC is a cloud-based solution — there is no hardware or on-premises infrastructure required to monitor endpoints. For some competitors, an appliance is the foundation of their solution, which represents a liability since it’s an additional asset and an endpoint itself.
We’re wary of groups who utilize pure technology-based solutions. While automation and intelligence are required to process the large quantity of data that results from monitoring, a human SOC analyst is still the best decision-making asset in a SOC.
Does SOCaaS have any special requirements?
SOCaaS does require a SOC analyst, an actual human who monitors for alerts and anomalies while performing specific investigation on events or incidents.
SOCaaS also requires process — every event, incident, or response follows a pre-defined process established by the Novacoast SOC. This provides thorough coverage for all types of security scenarios. Our processes are designed to adhere to industry best practices as well as to satisfy published control frameworks like SOC2, PCI, NY-DFS, NIST, and others where appropriate.
SOCaaS - How did we get here?
novaSOC is designed specifically to address a major problem for SMBs: they’re currently forced to either pick a single technology solution or settle for a lower tier of security technology, both of which lack the expertise of trained personnel.
Even a large SOC requires multiple tools for maximum effectiveness: advanced threat hunting, comprehensive threat intelligence, and multiple sets of eyes to provide the best coverage of attack surfaces — all complementing tech and automation.
With a software development group and a large, global-coverage SOC in-house at Novacoast, we decided to create a solution to cover SMBs using a simple installable agent that allows our cloud-based systems and security analysts to provide true SOC services.
Are you really getting a SOC?
novaSOC is 24x7 eyes on glass — analysts are monitoring for any events that trigger alarms and are ready to investigate.
novaSOC is based on pre-defined processes and procedures developed to address known attacks and incident scenarios.
At the end of the day, a Security Operations Center is actual humans looking out for you.