More Morphing in the Security Services Space: Moving from SOC to SOCaaS

We have more morphing in the security services space. When ISPs came into being in the mid-1990s, a need arose to provide security services to customers who could not provide them for themselves. Hence MSSPs were born. For many years, adoption of MSSP services remained quite low. Many potential customers just could not bring themselves to trust a third party with their security needs.


As organizations struggle to find enough security talent, and struggle to make their SIEM implementations effective, MSSPs have sensed a newer business opportunity: MDR. With the continuing decline in anti-malware efficacy, some organizations have turned to another relatively nascent segment of the security space: ED&R. The maturing ED&R products have allowed vendors in that space to partner with MSSPs to provide those MDR offerings. (Carbon Black has been particularly aggressive in that regard.) While adoption of MDR by customers is still quite low, that service is expected to grow at a CAGR of 31.6% by 2022.

However, there is more morphing going on. Why ‘stop’ at MDR? We’re also seeing the adoption of a broader security offering: SOCaaS (security operations center-as-a-service). The launch of OmniSOC earlier this year by five American universities is one example. And vendors such as Arctic Wolf (just one of several) are actively touting SOCaaS. While this offering is new, conference papers on it date back to at least 2014 (e.g., “SOCaaS: Security Operations Center as a Service for Cloud Computing Environments”).

Though the large public IaaS providers are not yet ready to offer SOCaaS, their MSSP-like offerings are certainly maturing. AWS is definitely more mature in its offerings (and has more tools to work with), but clearly this need to evolve is not lost on Azure either (e.g., Security Center).





What is driving this continuing evolution in the delivery of security services is the need for faster and better (more accurate) detection of attacks. That is a challenge unto itself, but the challenge is compounded by the ever greater volumes of data to analyze in an ever greater number of log formats. While MSSPs still tout the security talent of their personnel, the fact is that AI needs to do ever greater percentages of that detection analysis and remediation.

