Inspired by proliferating security threats, businesses worldwide will devote over $21 billion to managed security services, according to IDC. All that spending has vendors ranging from Continuum to Vijilan to Arctic Wolf and beyond introducing outsourced security operations center (SOC) solutions for MSPs. inSOC, however, thinks its recently introduced SOC-as-a-service offering has a competitive edge.
“If you look at a lot of the other managed security solutions, they’re either incomplete—they only do one thing or part of one thing—or they’re very complete and they take months to actually install,” says Eric Rockwell, inSOC’s CEO.
By contrast, he continues, inSOC’s ONE STOP SOC offering is both comprehensive and easy to adopt. The service combines 24x7x365 monitoring via an AI-based SIEM platform with automated vulnerability scanning, asset inventory management, and regulatory reporting. Equipped with plug-and-play appliances that partners can install at client sites quickly, the solution is designed to be fully operational within an hour.
“It’s a one-stop, pre-configured turnkey solution that MSPs can easily grasp and resell for a good, high margin to their client base,” says COO Kristian Wright.
The solution provides robust protection despite its simplicity, according to Rockwell. The SIEM component, for example, does deep packet inspection in addition to intrusion detection, and aggregates data from a long list of platforms. “We’re ingesting every log from Azure, AWS, Office 365, Exchange, SharePoint, all these different sources,” Rockwell says. “We get a very holistic picture.”
The solution stands apart as well, Wright adds, from systems that overwhelm users with alerts or flag potential problems but offer no advice on what to do about them. “We’ve tried to rework the whole solution from the ground up to get rid of those issues,” he says, noting that inSOC analysts filter out unimportant alerts before they reach users and provide remediation assistance for the alerts they do send.
“Most MSPs don’t have full-time security personnel, so they’re not going to know how to go in and try to remediate something,” says David Watts, inSOC’s CFO. “We’re going to actually teach them.”
The entire package is built around standards defined in the highly respected NIST cybersecurity framework as well as the Center for Internet Security’s top 20 list of critical security controls, Rockwell emphasizes. “We didn’t have to read through 5 billion breach reports to figure out the most common cause of a data breach for a small business. NIST and the Center for Internet Security have already done that,” he says.
inSOC offers three packages. The entry-level Essential package offers round-the-clock SOC services plus asset inventory monitoring. The Power plan adds SOC analysis and assistance, as well as vulnerability scanning. The top-of-the-line Premium package also provides reporting for HIPAA, PCI-DSS, FISMA, and other regulations.
Billing is done on a flat per-customer-site basis, rather than per device. Subscriptions come with rolling six-month contracts that buyers can opt out of with 30 days’ notice. “Typically, we’re seeing the MSPs that we’re selling to make two to three times what we’re charging on the back end, so it’s a very good margin for them to make,” Wright says.