There are many managed security services providers (MSSPs) offering some form of SOC as a service. However, such services are only as good as the tools, processes, and staff they have watching over your organization.
The state of the art for SOC-as-a-service is to use a mix of tools to try to cover the typical customer's threat surface. The provider's first challenge is to have enough highly skilled analysts on staff twenty-four hours of every day to detect and help resolve problems as they occur. Unfortunately, this creates an unscalable model: as the MSSP adds more customers, its most skilled analysts become stretched thin.
The second challenge is twenty-four hour support. Shift changes typically bring in analysts at different skill levels. Bottom line: a provider's challenge in maintaining enough skilled analysts twenty-four hours a day means that, inevitably, some customers will be looked after by entry-level employees or very overworked staff. One bad day by these analysts can have dire consequences.
Finally, response is the most important capability, but typically an underwhelming one. A good MSSP should be able to react in minutes and take measures to stop attacks in seconds on your behalf, because of how quickly damage can be inflicted by ransomware, intrusions, or insiders. At best they can provide an SLA that says they will take action to stop these attacks the moment they are detected, automatically.