Don’t worry if you failed to notice all the changes at SOCSoter in the last year. The security vendor itself didn’t fully appreciate their cumulative significance until recently.
“Each one that you look at sort of independently maybe wasn’t that big of a deal,” says Eric Pinto, SOCSoter’s senior director of channel. Collectively, though, they add up to nothing less than a reimagining of the company’s platform.
“We’ve really shifted the model here,” Pinto says.
What’s emerged from that process is a company offering comprehensive managed detection and response services for endpoints, networks, and cloud applications, all designed specifically for SMBs and sold exclusively through MSPs.
The cloud piece of that story is the most recent addition to the portfolio, which also includes compliance monitoring, vulnerability monitoring, and enterprise risk management components. Introduced a month ago, SOCSoter’s managed cloud SIEM service draws on artificial intelligence and automated threat intelligence to provide consolidated monitoring of cloud-based solutions from Microsoft, Amazon Web Services, Cisco, Sophos, Cylance, SentinelOne, and others.
The need for such a solution, while hardly new to SOCSoter or others at the start of this year, has become far more urgent now that the coronavirus pandemic has millions of work-from-home end users relying on software- and infrastructure-as-a-service solutions to stay productive, according to Pinto.
“Very quickly as all of this happened, we realized that the cloud is a frontier that everyone is now embracing,” he says.
Like all of SOCSoter’s solutions, the cloud service is backed by a 24/7 U.S.-based security operations center staffed by experienced analysts tasked with ensuring that only significant threats get escalated to MSPs for remediation.
“What we’ve really tried to do as a platform provider is not only provide a range of solutions, but also guidance and expertise in terms of where this all fits in and why,” Pinto says. More importantly, by filtering out unimportant issues, SOCSoter’s security operations center team prevents MSPs from being inundated with alerts.
“If I get 10 alerts from 10 different solutions across 10 different customers, I’ve got a thousand to deal with, and now what do I do?” Pinto observes.
API-level integration with Microsoft 365, including Azure Active Directory, Excel, Outlook, OneDrive, OneNote, SharePoint, and more, also became part of the package last week. SOCSoter utilizes API connections with third-party clouds to offer deeper, more actionable information than log monitoring alone can provide.
“It gives us access into the alert stream,” Pinto notes.
Founded in 2015 by David Nathans, a former U.S. Air Force cyberwarfare officer and corporate security executive, SOCSoter has sought from the first to bring enterprise-grade security protection within reach of SMBs with limited budgets and little to no in-house security know-how. According to Pinto, that remains the company’s mission despite the expanded product catalog.
“You’re getting a U.S.-based SOC, and that same SOC is going to be able to monitor the network, the endpoint, and the cloud together for a couple hundred bucks a month,” he says.