I recently watched a trailer for a reality show where they follow Dutch couples having a baby, including parts of the delivery and the interaction with the doctors. During this particular trailer, one of the doctors used the Dutch translation of the phrase: “we’ll use this balloon, and it will exert traction.” I’ll spare you the details of where the balloon went; the thing that stood out to me was that the word used is “tractie” in Dutch. The word itself is almost never used in my native language, except apparently by doctors and perhaps race car mechanics. This made me wonder why a doctor, talking to people in an already stressful situation, would use words like “traction” instead of just saying the inflated balloon will push (or pull) a bit.
The doctor used words that she learned in medical school and during her training. Doctors do that often, and cyber security experts are just the same. How are the doctor’s patients supposed to understand what she’s talking about? Sure, they can guess what “traction” means in this context, just as people probably have an idea of what an MSSP does. But how does an MSSP differ from an MDR service provider?
In this article, I will explain some of these abbreviations, acronyms, and terms within cyber security that are important to understand but that no one ever seems to explain.
Today’s cheat list:
MDR
Managed Detection & Response
SOC
Security Operations Center
MSSP
Managed Security Service Provider
SOC+
SOC-as-a-Service
What is an MSSP?
Managed Security Service Provider, or MSSP.
MSSPs originated as a service provider that could make sense of the vast amount of emerging security service suppliers and their generated alerts.
Using the services of an MSSP was the first step in getting help as a business in the cyber security landscape.
What is MDR?
Managed Detection and Response, or MDR.
An MDR service provider distinguishes itself by improving the efficiency and effectiveness of a business’s security team. The service solution sets up services that detect attacks and has experts on hand to perform analysis for the company.
MDR cuts down on the number of false-positive alerts communicated to the company. It gives the context of the attack to the security team and offers advice to the security team on how to contain or remediate the attack.
MDR utilizes a number of cyber security services based on constraints and the scope of what needs to be protected. The constraints and the scope are based on the risk appetite and risk profile of the business and resource constraints such as budget.
Security Operations Center – the heart of MDR
At the heart of MDR is the Security Operations Center (SOC).
Automated systems primarily do the detection using use-cases provided by frameworks and technology. Alerts flow into the SOC from connected services and are investigated by analysts.
Analysts enrich detection and subsequent investigation with intelligence and advice.
Further advice on how to mitigate the attack and which precautions to take to prevent further and future damage is offered. If things are especially troublesome, businesses need their MDR service providers to provide a response option that involves forensic investigation or emergency readiness teams.
SOC as a Service
Businesses might want to make use of SOC-as-a-Service.
SOC-as-a-Service or SOC+ is an emerging service; its primary focus remains with the functions described earlier for an MDR SOC, but instead of advising on mitigation and remediation to a client, the SOC+ service intervenes operationally as part of the service and does that work on behalf of the client.
For example, closing down a client’s connection or shutting down part of the network for them. In essence, providing more support to a client’s security team by handling more of their tasks.
Why is MDR so important today?
MDR has become the leading value service in cyber security. Clients recognize that new technologies and unexplored areas of monitoring provide a lot of opportunities for the future but need a partner to help them navigate to the end of the labyrinth. Somebody to not only translate and explain the abbreviated signage along the way but also point them in the optimal direction.
Creating clarity
Just like the patients at the start, we need to know what we’re talking about. MSSPs, MDR, SOC, SOC as a Service. If you’re looking for a cyber security partner to help with your detection capabilities, these terms will inevitably come up. Hopefully, you’re now fully equipped to partake in those conversations.
Being able to detect and respond swiftly is vital to fending off increasing amounts of threats.
Interested in knowing more about how Managed Detection & Response can help keep your business safe?