The Types Of Managed Security Services
When selecting a managed security provider, you may come across a wide variety of terms, including security information and event management (SIEM), managed security services provider (MSSP), Managed Detection and Response (MDR), and SOC-as-a-Service. Each of these terms can mean different things within the managed security field.
SOC-as-a-Service is a term that does not have a well-defined meaning within the industry. In most instances, a SOC-as-a-Service provider acts as a full-function 24/7 Security Operations Center (SOC), providing services similar to those of an MDR provider.
However, this is not always the case. Before taking advantage of a SOC-as-a-Service offering, it is important to ensure that the services provided match your organization’s requirements.
Managed Detection And Response
Managed Detection and Response (MDR) adds investigative capabilities to a security services provider. An MDR provider will investigate alerts, eliminate false positives, and help the organization respond to any identified threats. Some MDR providers include remediation services to help their customers recover from an incident.
Endpoint Detection and Response (EDR) is a subset of MDR focused on monitoring and securing endpoints within an organization’s network. EDR services primarily consist of matching security events against patterns of known malware and quarantining devices as needed. Often, the in-house security staff is responsible for remediating the endpoints and bringing them back online.
Published by Russell Welch