SOCSoter adds Breach Detection service for SMBs to their Vulnerability Monitoring Service

SOCSoter, which has over a hundred channel partners reselling their offering, doesn’t yet have any partners in Canada, but will be at the ASCII show in Toronto later this month looking to change that.

Melissa Kaiser, SOCSoter’s Director of Business Development

WASHINGTON D.C – Hagerstown MD-based MSSP SOCSoter has launched a new service, which they believe provides a fairly unique and differentiated value for the small and medium businesses who make up their customer base. Managed Breach Detection is common in the enterprise, but has typically been somewhat pricey for the SMB space, so is not found much in that market. The company made the announcement in conjunction with their attendance at the CompTIA ChannelCon trade show here.

SOCSoter is a relatively new company, in business for two years, whose founder has deep expertise in building SOCs [security operations centres]. His background includes building a SOC for Marshalls Home Goods after its parent company, TJX, was hit by a massive breach in 2006 in what in those pre-Target days was believed to be the largest security breach ever. He was also CISO for a large contractor, and started out in the 1990s in Boston with an MSP business, which he later sold.

“He wrote the book on designing SOCs,” said Melissa Kaiser, SOCSoter’s Director of Business Development.

SOCSoter uses their own SOC as part of their core service, a Vulnerability Monitoring Service [VMS] on a SIEM platform that acts as a burglar alarm to detect threats that have managed to get into the network. SOCsoter provides a monthly vulnerability scan which is assessed by their SOC engineers, to detect, respond and protect against threats.

“We do the whole packet capture and it goes through signature sets and it sends alerts to the customer,” Kaiser said.

The new Breach Detection service goes on top of the VMS and is sold as part of the same package.

“Essentially, it is a honey pot,” Kaiser said. It creates decoy hosts on the network that appear vulnerable, to smoke out intruders and detect them before they can do damage moving laterally within the network.

“The Vulnerability Assessment is really valuable, but it runs once a month,” Kaiser said. “This is something that the service does for the customer in the other 29 days of the month, and it adds more chips to our bag. We aren’t aware of anyone else offering something like this to this market at a price that they can afford.”

The target market for this is organizations with between 20 and 150 endpoints today, although the maximum number that can be supported will soon be going up significantly to appeal to larger SMBs.

“It’s server-class protection, and customers with 20 or more employees is our core market,” Kaiser said. “We have two offerings today, one of which can handle 50 endpoints and the other 150 endpoints. However, in the fall we will be introducing another, which can support 500 endpoints.”

When SOCSoter started, they sold direct – briefly.

“We would go to SMB customers, and they would ask us to talk to their regular partner, and so we built up a channel of partners that way at first,” Kaiser said. “Then the partners came to us and told us that they would prefer that we didn’t go direct at all, so we stopped.”

Today, they have over a hundred channel partners, and are looking for more.

“We don’t yet have any partners in Canada, but we can sell there,” Kaiser said. “We will be at the ASCII show in Toronto on August 22-23 to bring our message to Canadian MSPs.”

Recruitment of new MSP partners is also part of their objective at the CompTIA ChannelCon event.

“We are here to meet with customers, and current partners and learn about MSP pain points,” Kaiser said. “We are also here to get more partners – and just be a part of the community.”