The fallout from cybercrime continues to grow with costs to businesses set to reach $10.5 trillion a year by 2025. Last year BIG businesses felt the impact of these cyber-attacks, with multinationals like Toyota, Uber, Dropbox and North Face all reporting breaches.
However, it wasn’t just these well-known brands that experienced attacks, a recent report claims that 39% of UK businesses reported being the target of a cyber-attack over the last 12 months. A further report also highlighted the financial cost to businesses, which is estimated to be £4,200 per attack to small businesses, rising to £19,400 for medium to large size organisations.
As we look ahead to the next 12 months and beyond, and as cybergangs become more deceptive and sophisticated, it is vital that heads of IT, CISO’s and CTOs are all assessing their security strategies. There are many security services that can help protect an IT environment; two of the better-known offerings are a SOC (Security Operation Centre) and an MDR (Managed Detection and Response), but what are they and why do they matter?
What is a SOC (Security Operations Centre)?
A Security Operations Centre (SOC) is a managed service where an information security team constantly monitors and analyses the security of an organisation through logs and alerts – essentially, it’s an “eyes on glass” approach – where an analyst looks at the internal network. The primary purpose of the SOC team is to detect, analyse and respond to cybersecurity incidents using technology, people, and processes.
In addition to these functions, the modern SOC monitors the network, endpoints, applications, and user activity to proactively detect abnormal behaviours, investigate indicators of a security incident or attack, and immediately respond to any threats.
An in-house SOC equipped with cutting-edge technologies and tools, fully staffed with educated and experienced cybersecurity professionals who work around the clock, is the most comprehensive way to protect your organisation against modern cybersecurity threats. Unfortunately, this isn’t realistic for most companies.
Having a SOC on standby means that your organisation has chosen a security team whose task is to monitor and detect security incidents, whether that be in house or outsourced. The SOC is ultimately responsible for monitoring and protecting the organisation, its assets, and all of its data. This involves implementing your organisation’s overall IT security strategy, and acting as a central coordinator for efforts related to monitoring, assessing, and defending against cyber-attacks.
What is an MDR (Managed Detection and Response)?
Managed Detection and Response (MDR) service providers deliver remote threat hunting, proactive detection, investigation, and response functions to customers through a Cloud-based infrastructure.
MDR service providers offer a turnkey experience, using a predefined technology stack to collect relevant logs, system activity, data, and contextual information. This telemetry is analysed within the provider’s platform using various technologies, including artificial intelligence and machine learning (AI/ML) and up-to-the-minute threat intelligence that can be modulated depending on a customer’s needs. The process also allows for investigation by expert analysts, who deliver actionable guidance, or actively responding to threats through threat mitigation and containment.
When a threat is detected, they will verify the criticality and investigate the incident to find the root cause. They can then identify the best course of action, while actively responding or recommending the response to the partner and customer.
MDR services often include automated processes and Extended Detection and Response (XDR) which allow data to be collected across multiple security layers. This eliminates the need for security professionals to manually translate and implement alerts rules. Using AI and machine learning, MDR teams can streamline their work and rapidly produce richer, more useful, analysis. This not only allows them to respond faster, but with better accuracy too.
So, which cybersecurity service is right for your business?
Due to an increasing number of hybrid workplaces, cloud-based services, and high availability requirements, securing your businesses’ demanding IT environment has created a new IT landscape.
This new landscape is becoming increasingly harder to oversee and secure. To succeed, a service is needed that helps eliminate threats in time and doesn’t just put out fires when they are already burning.
To choose the right solution, you need to consider how your security team looks today, what other resources you have available, what your needs are and how much of the security work you can outsource to an external partner.
SOC and MDR are different approaches, and it is, of course, easier to choose the right path for you when you understand how each system works.
BOM IT Solutions has been offering managed services and support for over 20 years. We’ve recently partnered with specialists in Microsoft services, MSSP, Tiberium, adding a fully comprehensive MDR addition to our list of managed service offerings, enabling us to tailor cybersecurity strategies to every client’s bespoke business needs.
To find out more and how we can help your business navigate today’s complex cybersecurity landscape – get in touch with one of our team on, 0800 038 7222 or by emailing sales@bom.co.uk.
[Covered photo taken at our BOM | Tiberium event Q4 2022]