Monday, September 24, 2012

Differences between Corporate and MSSP Security Operations Centers

There are 2 types of Security Operations Centers: the one of a MSSP and the corporate one.

The SOCs are often confused because both provide security services but they are very different.

Primary scope
Corporate: it exists because of compliance regulations and because of some corporate needs.
MSSP: it exists to provide services to the customers and increase the incomings.

How are they seen by the company?
Corporate: it's seen as a cost. Usually the company will try to save on it as much money as possible.
MSSP: it's seen as a structure to make money. The company invests and HAS to invest on it.

Corporate: it provides services that usually need a strong interaction with other business units. Usually for example it provides incident handling / forensic analysis and "abuse" services.
MSSP: it usually provides services that are completely remotely managed. The MSSP will also very often answer to RFP and similar, something that corporate one, obviously never does.

Corporate: it's usually formed by less people but usually they are full time, permanent employee. This is because of the sensible data they will have to manage.
MSSP: the number of people will change with the market, most of the people will be temporary employee or freelance / consultants.

Corporate: in security there is always an higher level of stress compared to other IT departments but the fact that you don't have to deal with customers decrease the level in the corporate one.
MSSP: high levels of stress. Managing the security of many customers like banks, financial institutions and other critical ones with SLA and so on can be really stressing.

Knowledge sharing
Corporate: the corporate SOC will just have benefits in sharing strategies with other companies (a good example of cooperation between Telco and SOCs is ETIS).
MSSP: strategies, new offers, customers and knowledge, for obvious reasons, don't have to be shared.

Corporate: not usually visited by anyone except for people from other BUs (business units) of the same company and sometimes vendors.
MSSP: frequently visited by customers and vendors. Customers visits will be organized by KAMs (Key Account Managers) while vendors will come very often to try to sell their solutions as a service for the market.


  1. I agree with a lot of the points you made in this article. If you are looking for the Security Services In Mumbai, then visit Veteran Security Services (VSS). I love your content, they are very nice and very useful to us and this text is worth everyone’s attention.

  2. I really loved reading your blog. I also found your posts very interesting. we also provide Soc Security Services. for more information visit on our website.