26 SOC as a Service (SOCaaS) Options for MSPs, MSSPs

Dozens of companies are introducing SOCaaS (Security Operations Center) as a Service-type capabilities for MSPs and MSSPs. The reason? Tens of thousands of small MSPs can’t afford to build out their own SOCs. Plus, established MSSPs are seeking more ways to automate and scale their cybersecurity business practices.

Key SOCaaS options for MSPs and MSSPs, listed alphabetically, include the following companies — many of whom are also Top 250 MSSPs for 2021. Here’s the lineup of various SOCaaS companies we’ve been tracking…


  • Blog timeline: Blog originally published in 2018. Updated regularly thereafter with new SOCaaS companies. Some companies have been removed from the list over time due to (A) business strategy shifts, (B) mergers and acquisitions and/or (C) company silence.
  • MDR service providers: Many of these companies also position as Managed Detection and Response security companies (see Top 40 MDR service providers list).
  • Whom did we miss? Email SOCaaS thoughts and leads to Editorial Director Joe Panettieri ([email protected]).

Related Webcast: SOCaaS for Small MSPs – Join Us

26 Security Operations Center as a Service Options for MSPs & MSSPs

1. Alien Vault from AT&T Cybersecurity: Roughly six months after AT&T acquired AlienVault, the parent company in March 2019 reorganized is cybersecurity assets into a new standalone business division. The strategy: Combine the AT&T Cybersecurity Consulting and AT&T Managed Security Services to form a new standalone division, AT&T Cybersecurity. Fast forward to present day. A lengthy list of MSSPs and MSPs leverage AlienVault Unified Security Management (USM) for continuous security monitoring, log management, and out-of-the-box compliance reporting.

2. Arctic Wolf Networks: A pure channel strategy emerged after the SOCaaS provider raised $45 million in Series C funding in October 2018. Fast forward to November 2021, and Arctic Wolf is preparing a potential IPO for 2022. Key relationships and/or integrations include ConnectWiseIngram  MicroSplunk and may others. Key Arctic Wolf Networks adopters include LDM Global and Secure Data Technologies.

3. Ascend Technologies: Acquired Infogressive, a well-known Master MSSP, in July 2020. Infogressive has been ahead of the curve assisting MSPs and other channel partners with risk mitigation and proper ransomware defenses.

4. Binary Defense: The company recently hired FBI veteran Randy Pargman as senior director of threat hunting and counterintelligence. Binary Defense also partners with Ingram Micro and Arctic Wolf Networks for an expansive SOCaaS solution.

5. BLOKWORX : In addition to educating and training partners, BLOKWORX provides white label SOC and Endpoint Defense Services to MSP partners. The company embraced a channel-only strategy in January 2018

6. Bolton Labs: The SOCaaS provider has been in acquisition mode — buying Phylasso and Pandora Labs for cybersecurity technology and talent.

7. ChannelSOC: The AT&T Cybersecurity partner leverages AlienVault to provide white label SOC services to MSSPs & MSPs.  The services include setup, tuning, managing and monitoring the SIEM and vulnerability management — through ChannelSOC’s 24×7 SOC.  The company works with existing AlienVault partners that don’t have SOC operations, and partners that don’t have a SIEM or a SOC vendor.  ChannelSOC also provides Incident Response, Threat Hunting and other Forensic services.

Related Webcast: SOCaaS for Small MSPs – Join Us

8. ConnectWise Security Operations Center: The MSP software company acquired SOCaaS businesses such as Continuum, plus Perch Security and Stratozen. Key partners include Fortinet, Netsurion, SentinelOne and Webroot.

9. Collabrance: Owned by GreatAmerica, Collabrance is a Master MSSP. The company in 2018 integrated security information and event management (SIEM) and vulnerability and penetration (VUL/PEN) testing into its master MSSP offering for partners.

10. Critical Start: The MDR provider strengthened its brand in 2021, and in mid-2019 raised $40 million to expand nationwide across the United States. The funding involves a minority investment from Sagemount, a growth equity firm. Critical Start’s focus areas include a heavy partner emphasis.

Continue to page two for SOCaaS security companies 11-20

Return Home




    Great list! What are your thoughts about Silent Breach? We’ve been using them for a year now

    Joe Panettieri:

    Hi John: Thanks for the note. We’ve briefly mentioned Silent Breach once in our coverage, but I’m not an expert on the company. Are you affiliated with them?

    Eric Brown:

    Great list Joe – saved me time!

    Joe Panettieri:

    Hi Eric: Thanks for your readership. We’ll try to update the list from time to time as companies move in (and out) of the market. I suspect we’ll see some consolidation throughout 2020…

    Himanshu Shah:

    Great List will save lots of time for MSSPs seeking this information. Though, I represent Opticom Data Products Mumbai India. If you have some names to suggest operating out of India. Banks and FIs do not wish to send data to oversea cloud services.
    Btw, Thanks for the great information shared.

    Ankur Sharma:

    Hey Joe,
    Thanks for great list. Any Thought about A-LIGN (https://a-lign.com) – Founded by former “Big 4” executives and security specialists, A-LIGN is dedicated to making the security and compliance process as seamless and efficient by offering a one-stop-shop.

    Joe Panettieri:

    Hey Ankur: Thanks for your note. It’s been quite some time since I revisited this blog. I’ll see if we can do an update in the weeks ahead. Are you associated with A-Lign?


    Owen Allen:

    Hi Joe, if you are doing an update to the list for 2021, I’d be happy to connect you with the right folks at BlueVoyant to answer your questions. I am an employee of BlueVoyant. We are huge fans of the SOCaaS model.

    Joe Panettieri:

    Hey Owen: Thanks for your note and readership. MSSP Alert closely covers BlueVoyant’s business. Congrats on the milestones so far this year. I’m not sure if/when we’ll update the SOCaaS article. I know a few readers have asked us to do so. But I want to make sure a refresh would bring some fresh perspectives to the market. Stay tuned, and please keep the feedback coming.

    Dennis London:

    I’m really curious what the definition is for a SOC these days. A few of the ones in this list are nothing more than SIEM operations and don’t actually perform any of the remediation or actions. They’re great at doing the analysis and then telling the service provider or customer what to do…but they don’t actually do any of the remediation.

    Joe Panettieri:

    Dennis: Great question. I think quite a few MSP- and enterprise-oriented SOCs spot the issue, but don’t resolve the issue. Hence, the continued need for MSPs, MSSPs & enterprises to hire forensic investigation teams post-incident. I know I’m super-simplifying the conversation and skipping a lot of deeper details. But I hope that provides at least some baseline context.

Leave a Reply

Your email address will not be published.