Web performance and security services firm Cloudflare has launched its 'Security Operations Center as a Service' offering to managed security service providers globally.
With the service, a team of cyber security experts within Cloudflare will augment security and network teams at MSSPs to monitor enterprise environments for security threats and operational disruptions, triage and respond to custom alerts, perform deep analysis to identify attack vectors and network outages, and implement countermeasures to mitigate incidents during attacks.
Otto Imken, head of support at Cloudflare, said: “Sitting where we do, we have become very good at managing threats at internet-scale. A customer-available SOC as-a-service focused solely on attack monitoring and mitigation was a logical addition to enhance our existing automated protection systems - like our autonomous edge DDoS protection that actively protects all our customers against DDoS attacks across Layers 3 to 7.”
He said that when large enterprise networks experience an unmitigated surge or mysterious traffic patterns, they need analysis and human intervention immediately. Cloudflare SOC as a Service answers that customer need, he said, with a “white-glove, proactive team of network security engineers dedicated to protecting enterprises from security threats”.
Imken said: “We’ve worked closely with our Cloudflare Partner Network to supplement our SOC as a Service offering and provide our customers the freedom to choose a partner that meets their needs and service-level requirements.”
The initial set of global MSSP partners for the launch of SOC as a Service includes Wipro, GlobalDots, Insightz Technology and BeyondID.
Incidents trigger the SOC as a Service response process for enterprises of all sizes across Layers 3, 4 and 7. It provides direct engagement with and escalation to Cloudflare's team of security operations engineers monitoring an algorithm-based alerting system.
Cloudflare claims its system can reduce the number of false positives when it comes to triggering security incidents. When a real one happens, engineers investigate the attack vectors and make recommendations for configuration updates.
They will “proactively mitigate where possible, working in real-time with MSSP teams based on a customer-approved action plan”, said Cloudflare.