Transform Your MSP NOC Into An MSSP SOC

Author: AlienVault VP Global Channel Sales Mike LaPeters

While traditional managed service provider (MSP) offerings, like system monitoring and management, are subject to price pressures and commoditization, the rapidly changing landscape of security threats makes information security a high-value business.

With that reality in mind, MSPs can transform or extend existing NOCs (network operations centers) into SOCs (security operations centers), moving from offering increasingly lower-margin IT services to high-value information security monitoring and management.

Key Recommendations

Keep the following takeaways and tips in mind:

  • Ever-changing security threats present an evolutionary business opportunity for MSPs. Businesses may have their own security tools—such as a firewall, antivirus, and integrated threat management—but are unlikely to have in-house specialized information security professionals.
  • MSPs can begin with managed services and transition to higher-profit monitored services. Transitioning MSPs might start the move to security solutions with managed services before transitioning to higher-profit monitored services. A SOC can offer one or both of these services to customers. The key distinction between managed and monitored services is that with monitored services, SOC security professionals are involved in reviewing and resolving issues for customers, whereas managed services push the issues back to the client for resolution.

In addition, a SOC may provide revenue-generating secondary offerings to clients, including security training, pen testing, forensics, virtual chief information security officer (CISO), and more.

  • NOCs have already spent the money and done the work necessary for a smooth conversion to a SOC. Businesses starting new projects want to understand how capital-intensive the project is. For established NOCs, many of the big-ticket items required to create a SOC are already in place, including the physical building and much of the equipment.

Implementing procedures can be time-consuming for a new operations center, but an established NOC has already created and optimized key processes, including issue ticketing systems and workflow, and how and when to interact with and contact customers. Fully deploying an incident management system can take a business anywhere from 18 months to three years; NOCs already have these systems in place as part of their daily operations.

  • Additional staffing and tools are necessary to complete the NOC-to-SOC conversion. Tier 2 staff (information security experts) are a required investment for any SOC. A large staff of these higher-salaried Tier 2 employees isn’t necessary; a single Tier 2 can work with multiple Tier 1 staff members, who will multiply that Tier 2’s labor efforts, research, and skills. As the process is refined, efficiencies allow even more Tier 1 employees to work with the Tier 2 specialist, and those Tier 1 employees can even train to move into a Tier 2 position in the future.

Tools are another important part of completing the NOC-to-SOC transition. A security information and event management (SIEM) platform allows the SOC to take a significant amount of information from a variety of sources (e.g., 30 million events in a day) and distill the data down to 10 or 15 alarms to be triaged for action. A threat intelligence tool that sits on top of the security platform brings extra value to customers by allowing the SOC to overlay threat intelligence and determine actions quickly and efficiently.

  • AlienVault provides a unique solution to the security problems that organizations face. AlienVault delivers everything you need to detect, prioritize and respond to today’s threats in minutes. The AlienVault Unified Security Management™ (USM) platform provides five essential security capabilities managed from a single console, combined with regularly updated threat intelligence that ensures you have everything you need to rapidly detect threats and satisfy compliance requirements. The platform offers a variety of security-focused solutions, including the SIEM, threat intelligence, intrusion detection, behavioral monitoring, asset discovery, and vulnerability assessment.

Mike LaPeters is VP global channel sales at AlienVault.