The security industry has always had a long list of acronyms for its tools and technologies, but the catalog keeps getting longer. The latest point of confusion is the sprawling set of abbreviations used to describe security services. Take for example:
With most companies today needing the help of at least one managed security services provider, IT leaders must understand the difference between these services and, more importantly, how to choose what’s best for them. Here are some quick definitions and tips to help compare and contrast security services.
MSS Explained: MSS is likely the most familiar abbreviation; it’s been around for a while. As a general term, it describes a managed service provider that specializes in a broad set of security services. Traditional services that fall under an MSS include technology management and security threat monitoring. These services are perfect for those with internal security operations teams that need help managing tasks across multiple security technologies.
But as security has evolved, so too have the services. As such, providers needed a way to evolve their offerings with updated acronyms.
MDR Explained: MDR takes the MSS concept one step further, focusing on the critical actions of security operations: detect and respond. MDR services include advanced threat detection services, threat intelligence capabilities, and, most importantly, incident response — certified security analysts taking action against any identified malicious activity.
The Key Difference: While you may find that some MSS providers perform a limited number of templatized response actions, they generally escalate actions to the client rather than take matters into their own hands. Meanwhile, MDR providers take pride in client collaboration, customizing threat response actions around their client’s own systems, processes, and compliance requirements. MDR services are also known for putting endpoint security at the center of their service. MDR includes a team fighting cyber crime on your behalf. The value of that action cannot be overstated, as this is where most mid-size companies and their security operations are failing today.
Now we’re going to start splitting hairs.
SOCaaS is the new flavor du jour, and according to Forrester, it sits somewhere between MSS and MDR. Think of it this way: SOCaaS executes detection and response workflows akin to MDR, but instead of putting endpoint protection platforms at the epicenter, it typically puts SIEM there.
Most SOCaaS providers don’t include critical response services. They simply focus on technology platforms, escalating security incidents to the client to handle. SOCaaS is recognized for log ingest, tuning, and SOC augmentation — not threat detection and response services.
Keep in mind, these are generalizations and not hard and fast definitions. You might find solutions that break the mold, as each provider has their own approach and their own way of compiling security technologies and services into one offering.
Use cases: When to use what
For decades, IT leaders have been solving security problems simply by slapping on another technology, but that approach is no longer effective. In fact, services (people and expertise) are more important than technology today. Gartner’s “Market Guide for Managed Security Services” sums this up well by advising that an effective security program is “60% process, 30% expertise, and 10% technology.”
Whether you need MSS, MDR, or SOCaaS, you will want a trusted partner who brings industry expertise and a capable team. But you’ll also want to ensure the right strategy, services, and technologies are in place. Here are some buyer criteria from Nemertes Research to help guide any search:
Get the complete Security Services Buyer Guide from Nemertes Research
© 2023 Masergy Communications, Inc. All Rights Reserved.