Monday, September 24, 2012

Differences between Corporate and MSSP Security Operations Centers

There are 2 types of Security Operations Centers: the one of a MSSP and the corporate one.

The SOCs are often confused because both provide security services but they are very different.

Primary scope
Corporate: it exists because of compliance regulations and because of some corporate needs.
MSSP: it exists to provide services to the customers and increase the incomings.

How are they seen by the company?
Corporate: it's seen as a cost. Usually the company will try to save on it as much money as possible.
MSSP: it's seen as a structure to make money. The company invests and HAS to invest on it.

Services
Corporate: it provides services that usually need a strong interaction with other business units. Usually for example it provides incident handling / forensic analysis and "abuse" services.
MSSP: it usually provides services that are completely remotely managed. The MSSP will also very often answer to RFP and similar, something that corporate one, obviously never does.

People
Corporate: it's usually formed by less people but usually they are full time, permanent employee. This is because of the sensible data they will have to manage.
MSSP: the number of people will change with the market, most of the people will be temporary employee or freelance / consultants.

Stress
Corporate: in security there is always an higher level of stress compared to other IT departments but the fact that you don't have to deal with customers decrease the level in the corporate one.
MSSP: high levels of stress. Managing the security of many customers like banks, financial institutions and other critical ones with SLA and so on can be really stressing.

Knowledge sharing
Corporate: the corporate SOC will just have benefits in sharing strategies with other companies (a good example of cooperation between Telco and SOCs is ETIS).
MSSP: strategies, new offers, customers and knowledge, for obvious reasons, don't have to be shared.

Visits
Corporate: not usually visited by anyone except for people from other BUs (business units) of the same company and sometimes vendors.
MSSP: frequently visited by customers and vendors. Customers visits will be organized by KAMs (Key Account Managers) while vendors will come very often to try to sell their solutions as a service for the market.

2 comments:

  1. this seemed like an informative and educational post but unfortunately there may be some glitch or error and that is why the website link is not opening. please fix the issue.

    ReplyDelete
  2. Interesting post. Would like to have more details about the difference between the services offered by corporate SOC and MSSP SOC.

    ReplyDelete