In a world where cyber criminals target businesses both large and small with ever-changing tactics and techniques, heroes emerge: Managed Service Providers (MSPs). They may not wear capes, but every day, MSPs provide crucial security and IT support to their customers. However, with new threats appearing almost daily, it can be impossible for the average MSP to keep up, especially as threat actors tend to take action well outside of normal working hours, including weekends, holidays and the middle of the night.
Having a Security Operations Center (SOC) is a crucial step for MSPs to defend their clients at all hours of the day and night, but building a SOC yourself can cost upwards of $1 million and come with many staffing and compliance headaches. For many MSPs, partnering to get a SOC is the way to go, for example by partnering with SonicWall and our Managed Security Services team.
SonicWall’s SOC is defending our MSP partners and their clients day and night from shadowy cybercriminals. Here’s how they do it.
Any effective SOC is a combination of three things: people, process and technology. While it’s easy to focus only on security tools like endpoint detection or antivirus software, it’s crucial that those tools are configured properly and that effective processes are in place to ensure the SOC is running efficiently.
That’s why the people are the most important element of the SOC: they are cyber experts who stay on top of the latest cyber threats and new techniques being used by threat actors. They also apply that knowledge and experience to the configuration of security tools. They can quickly determine which alerts are relevant and recognize patterns in the alerts that security tools throw, allowing them to spot and stop attacks at very early stages, minimizing damage for your clients. While security tools and software are important, it’s the people who bring the true value to a SOC.
Arguably the most important part of the incident response cycle is the preparation before a cyber event takes place. Taking the time to ensure that all security tools have the latest updates, all endpoints have the correct tools installed, and that tools are using the latest security rules can make the difference between an annoying minor alert and a full security incident.
SonicWall’s SOC works with our partners to ensure that their environments are as prepared and protected as possible before a threat actor ever takes action. When new partners start out with SonicWall Managed Security Services, the SOC team conducts a white-glove onboarding process to ensure security tools are installed and configured properly. After that, the team performs configuration audits twice monthly and provides a report card to partners that includes any actions needed to be optimally secure.
The SonicWall Security Operations Center monitors for alerts and abnormal behavior 24 hours a day to protect our MSP partners and their clients from cyber threats. When alerts come in from security tools, a SOC analyst conducts an investigation. The SOC’s rules and technology configurations automatically classify alerts as minor, major or critical, and the SOC analyst can then upgrade or downgrade the alert as needed based on what they find in their investigation.
When a Critical Alert happens, the SonicWall SOC team will call you on the phone every fifteen minutes for the first hour, and then every hour after that. Don’t worry – if you don’t answer, the SOC team won’t wait. The threat will still be addressed and we’ll fill you in once we’re able to connect.
Once the threat is contained, the SOC analyst will create a report that documents the incident, including what specifically happened, the scope of the incident, the actions they took to mitigate the threat, and any other areas of impact you may need to be aware of. They will also make recommendations for your next steps toward full remediation.
SonicWall’s Security Operations Center stands ready to defend all our MSP partners and their end clients, and we’ve made getting the around-the-clock protection of a SOC easier than ever. Our Managed Security Services are available with no annual contracts or long-term commitments and with no minimums. We partner with you and scale with you as your business scales – whether up or down.
Ready to get started? Contact us today to learn how you can get started with Managed Detection and Response (MDR) with a free proof of concept!
An Article By
Sarah Wilkinson