OmniSOC Security Operations Center: A SOC Partnership Blueprint for MSSPs?
Five universities have partnered to launch OmniSOC, a joint cybersecurity operations center (SOC) designed to protect colleges from cyberattacks. While OmniSOC is designed for higher education clientele, the center’s shared business model could provide some best practices for traditional MSSPs and MSPs to emulate.
Founding Members: OmniSOC’s founding partners include Big Ten Alliance members Indiana University, Northwestern University, Purdue University, Rutgers University, and the University of Nebraska-Lincoln. The service is hosted at Indiana University.
The SOC identifies suspicious and malicious activity requiring mitigation, and provides rapid incident response through human analysis and machine learning, the universities say.
Former Indiana University Chief Security Officer Tom Davis is OmniSOC’s founding executive director and CISO. Additional team members include staff focused on network analysis and control and on service desk operations, as well as multiple security engineers.
Leveraging Established Best Practices
OmniSOC wasn’t built in a vacuum. It leverages two decades of experience and capabilities from the Global Research Network Operations Center (GlobalNOC), the OmniSOC announcement indicates. GlobalNOC provides services to government, research and education networks across the nation.
The new SOC also will work closely with the federally chartered Research and Education Networking Information Sharing and Analysis Center (REN-ISAC) at Indiana. REN-ISAC provides aid and promotes cybersecurity protection, response and information sharing among its 580 members within the research and higher education communities.
OmniSOC leverages Elastic Stack, a security analytics platform that ingests, correlates and analyzes information to detect and hunt for cyber threats to member systems, OmniSOC’s founders indicate.
Shared SOCs: A Model for MSSPs and MSPs?
OmniSOC arrives just as thousands of MSPs and MSSPs seek to build or partner their way into the SOC market.
Generally speaking, most smaller MSPs simply don’t have the budget, talent or time to build a full-blown SOC. But plenty of companies are stepping up to assist those MSPs with outsourced SOCs and associated services. Examples include:
- ConnectWise distributing Foresite’s MSSP, compliance and SOC capabilities;
- Continuum, which is preparing to launch a SOC for MSPs;
- ChannelSOC, which surfaced at the CompTIA ChannelCon 2017 conference in August;
- CyberBit, which offers a SOC to MSSP partners like MNS Group;
- CyFlare, which has a SOC for VARs;
- NetEnrich, which offers SOC services to midsize MSPs and VARs;
- Trusted Metrics, which offers a home-grown Elastic SOC to partners; and
- Infogressive and Carvir are two up-and-coming master MSSPs that offer their services to MSPs.
MSSP Alert doesn’t specifically endorse any of those offerings, but we’re watching to see how those SOC providers scale to meet partner needs.
Example OmniSOC Services
Meanwhile, OmniSOC’s service catalog may help aspiring MSPs and MSSPs more clearly understand the types of SOC services they need to pursue. OmniSOC will:
- process and create cyber threat intelligence;
- notify member incident response teams;
- communicate and share information;
- conduct proactive threat hunting;
- analyze security events;
- monitor and triage security events; and
- provide call center services.
We’ll be watching to see how OmniSOC scales its platform, discovers and mitigates threats, and potentially welcomes additional universities into the group.