In previous posts (see links below), I have already outlined the profound transformation of Security Operations Center (SOC) technologies. The journey from on-premise SOC solutions to Software-as-a-Service (SaaS) delivered platforms marks a significant milestone in this evolution. Gartner’s introduction of the Security Service Delivery Platform (SSDP) reflects a deep market trend, highlighting vendors like Sekoia.io who are leading with agnostic platforms designed to empower service partners. This shift not only paves the way for more hybrid engagement models but also signifies the increasing complexity and specialization within cybersecurity operations. Today, I propose to dive into the specifics of what this means for service providers and their customers going forward.
The field of SecOps, or cybersecurity operations, has grown immensely in both scope and skill requirements. Modern SOCs are composed of specialized teams capable of triaging, responding to, and investigating threats at scale. These teams include threat specialists who drive detection products, support incident qualification, and hunt for weak signals indicative of undetected compromises. The necessity for large data volumes has introduced data science into daily operations, with data specialists developing analytics to understand trends and outliers.
This breadth and depth of required skills, alongside emerging technologies like mobile and cloud infrastructures, present significant challenges. The result is an ultra-specialization of the different actors involved in daily operations, not even touching on those tactically operating during DFIR investigations and other CSIRT-like activities. The global talent shortage in cybersecurity of course makes staffing these roles difficult even for the most well-resourced organizations.
To address these challenges, cybersecurity managers are adopting various strategies, focusing on what is mission-critical and what can be outsourced. This includes not only the different SOC levels but also operational capacity during off-hours and holidays. Such models involve handing over alerts and investigations between actors collaborating around the clock, whether 24/7 or follow-the-sun, often using ticketing systems to record actions, but also because handing over the data itself isn’t feasible due to its volume and the complexity of granting access to on-premise repositories.
With SaaS-based SOC platforms, we are entering a new era of efficiency for these teams to operate in, and for service partners to deliver value to their customers. The centralization of data and tools enhances case management, replacing traditional ticketing systems with a unified approach that integrates alerts, annotated data, reports, timelines, and actions. Artificial intelligence further enhances this process by automating repetitive tasks and providing insights that might otherwise be missed.
The democratization of these platforms means that capabilities once exclusive to large enterprises are now accessible to small and medium-sized businesses at reasonable costs due to resource mutualization. This evolution has led to the transformation of Managed Security Service Providers (MSSPs) into Managed Detection and Response (MDR) services and now to Managed Extended Detection and Response (MXDR) services.
A new era is dawning where global virtual SOCs can deliver the breadth and depth required for complex missions through collaboration across multiple organizations. SSDPs are now becoming the substrate for collaboration around the data, no longer “passing tickets” between operators. As our practices continue to grow in complexity and specialization, topped by AI expert agents coming into play to perform specific tasks, platforms should be where the ecosystem of operational and tactical services meets to collectively solve complex needs.
This transformation presents a unique opportunity for innovation. Vendors like Sekoia.io are at the forefront, developing solutions that enable different actors to collaborate seamlessly. By engaging regularly with partners, they aim to create solutions that allow end customers to focus on their core business while entrusting partners to provide cost-effective protection.
What does it look like in practice? How do service providers like MSSPs leverage our platform to highlight their own expertise? Check here to see concrete case studies on how we work with Monaco Cyber Security, SNS Security, Stoïk and others.
The continuous evolution of SOC platforms and cybersecurity services underscores the dynamic nature of this field, driven by the need for more efficient, scalable, and collaborative solutions to address the ever-growing complexity of cybersecurity threats.
We believe that the future of service will be a hybridization of capabilities, engaged on demand, enabled by a workbench of tools together with access to the relevant data. We will keep diving into the specifics of this vision in the near future, stay tuned!
Fabien Dombard Chief eXperience Officer