Many businesses outsource their SOC to third parties like Huntress, Carbon Black, SentinelOne, all of whom offer very fancy Endpoint Detection and Respone (EDR) tools. Just about every EDR solution is a Cloud/SaaS offering provided either directly or indirectly through a third party Managed Service Provider (MSP). We call this Managed Detection and Respone (MDR). From technical and privacy standpoints, it probably sounds like a huge risk, but it's also worth acknowledging that EDR companies operate immense threat intelligence platforms through real-time monitoring of customers. From a C-suite perspective, it makes a lot of sense to offload the specializations of real-time protection and malware analysis to EDR solutions. There are risk managers who have quantified the risk tolerance for these types of products/arrangements. The company legal department, the CFO, and the board of directors are all satisfied with the EDR solutions placement on the Gartner quadrant and SOC Type 3 report saying the EDR provider follows best practices. Sometimes it's even a requirement for "cyber insurance" which a business may need depending on the industry. For better or for worse, EDR is how most institutions secure their IT infrastructure today.

▲

rcxdude 3 days ago | parent [-]

For worse, I would say. This kind of thing is about accountability shuffling and not at all about improving security.

	▲	NegativeK 3 days ago \| parent \| next [-]
		I'm concerned that you're not familiar with EDR and organizations who flat out can't build a full 24/7 SOC. Which is the vast majority of businesses. EDR is a rootkit based on the idea that malware hashes are useless, and security needs to get complete insight into systems after a compromise. You can't root out an attacker with persistence without software that's as invasive as the malware can get. And a managed SOC is shifting accountability to an extent because they are often _far_ cheaper than the staff it takes to have a 24/7 SOC. That's assuming you have the talent to build a SOC instead of paying for a failed SOC build. Also, don't forget that you need backup staff for sick leave and vacation. And you'll have to be constantly hiring due to SOC burnout. If all of this sounds like expensive band-aids instead of dealing with the underlying infection, it is. It's complex solutions to deal with complex attackers going after incredibly complex systems. But I haven't really heard of security solutions that reduce complexity and solve the deep underlying problems. Not even theoretical solutions. Other than "unplug it all".
	▲	glitchc 2 days ago \| parent \| prev \| next [-]
		> This kind of thing is about accountability shuffling and not at all about improving security. You nailed it. Can't really blame CISOs for pursuing this model though.
	▲	cwmoore 2 days ago \| parent \| prev \| next [-]
		It would be a shame if justice ever found itself obstructed by "accountability shuffling".
	▲	cybergreg 3 days ago \| parent \| prev [-]
		Huh? Small and medium sized businesses have how much to spend on security? Let alone IT?