BI.ZONE Combines MSSP SOC and MDR in a Single Service

BI.ZONE Combines MSSP SOC and MDR in a Single Service

Learn more
December 17, 2021

Today, businesses worldwide are experiencing a digital transformation. IT infrastructures are growing and becoming more complex. As business continuity depends on their resilience, organizations are deploying more and more defenses in the efforts to build sophisticated cybersecurity systems. However, there are no means of protection that can guarantee absolute security. Cybercriminals know how to bypass any mechanism and remain undetected in the victim’s infrastructure for weeks or even months. Standard preventive defenses are no longer sufficient to avoid financial and reputational losses. Therefore, continuous monitoring is essential—it ensures quick threat detection and response. However, this is where organizations are faced with a choice: either to create their own Security Operations Center (SOC), investing large amounts of resources in a long and complex project amid a severe staff shortage or to outsource to an external provider.

Traditionally, around the world, security incident monitoring and response services have been rendered by managed security services providers (MSSP) based on their SOCs. In the process of connecting the IT infrastructure to the MSSP SOC, the client would tap into a wide range of log sources, from operating systems, databases, security tools, and network equipment to business applications. This provides a complete coverage of the IT infrastructure and allows the detection of all types of incidents. Furthermore, MSS providers support their clients’ security solutions and thereby can use them to respond to incidents detected in the course of monitoring (e.g., to block network access to the malware command center on the edge firewall, or to initiate unscheduled antivirus scanning of the hosts).

In recent years, a new breed of incident monitoring and response firms, known as managed detection and response (MDR) providers, has been emerging in the market—as an alternative to the MSSP SOC. In essence, they solve the same problem, however, with a different approach. The sources of events for MDR are either EDR agents deployed on IT infrastructure endpoints or network sensors based on NTA/NDR solutions. Hence, compared to the MSSP SOC, the scope of infrastructure coverage is significantly lower, but the depth of data collected is a lot higher, allowing a much quicker detection of advanced attacks.

From a marketing perspective, MSSP SOC and MDR providers are actively opposed to each other. In our opinion, this is inappropriate since the simultaneous implementation of these approaches delivers the best result—both in terms of the scope and depth of threat detection, and response time. Given this, BI.ZONE is launching a new service—BI.ZONE Threat Detection and Response (TDR)—which incorporates the advantages of MSSP SOC and MDR. BI.ZONE TDR is based on in-house technologies as well as threat intelligence (TI) obtained by dedicated internal research units. This makes it possible to adapt the service to the fluctuating market demands and to be independent from external tool and TI vendors.

In addition to solving the standard tasks of monitoring and responding to security incidents offered by regular MSSP and MDR providers, BI.ZONE TDR also prevents future incidents by continuously identifying vulnerabilities and weaknesses in the IT infrastructure configuration, based on the analysis of collected EDR inventory data. This ensures the coverage of the entire attack life cycle: before, during and immediately after the incident.

BI.ZONE TDR is available in four modifications shown in the table below.

Different service modifications allow organizations to choose the most appropriate level of monitoring and response, depending on the size of infrastructure, the cybersecurity maturity in the company and current tasks. With a growing IT infrastructure, it is always possible to move to another level without any additional complex steps, such as migration to other solutions and systems. Regardless of whether you have your own SOC or not—BI.ZONE TDR can provide comprehensive protection of your corporate IT assets as well as enhance your cyber maturity.