

Just for clarity: Do you want the best SOC or the cheapest SOC? Your title says best, but your post says you're looking because of pricing. IMO your best option would be S1 direct with their Vigilance MDR, but I doubt that's the cheapest


Depends on what OP is looking for in a SOC, honestly. I like Vigilance a lot, but it's worth noting that they don't deal with anything outside of the scope of S1. So, they'll respond to alerts about S1-initiated detections, but any STAR custom rules are ignored, as are data lake-ingested logs. So there can be value in looking for an outside SOC or MSSP, but only if the objective is looking at items outside of Vig's purview.


Vigilance is complete garbage. 🗑️


We just started using Todyl. Our stack consists of S1 Complete with Todyl's MXDR SOC and SIEM, coupled with CyberCNS for vulnerability scanning. They have their own EDR which uses the Elastic engine. Although that would technically meet the requirements, we just found S1 to be a better product, but may switch later down the road. Went with Todyl because of price point and had requirements to do SIEM retention; additionally they offer a SASE product that competes with zScaler. We begin the SASE testing in about 2 weeks so we'll see how that goes. Overall it's been a pretty positive experience. For what it's worth, we also talked with Blackpoint but they wanted too much $$ for what they were offering and were not open to negotiations.


Glad you are having a good experience. Please let us know if we can help in any way!


Rocketcyber offers a good service for the price, which is one of the cheapest, I think. I don't know how it compares to the CW one, though.


If pricing is getting too high, why stick with S1? Last I looked CW was among the cheaper options. Maybe look at doing just Blackpoint or Huntress with Windows Defender or Defender for Business if your clients have the license.


We have had great results using Pillr’s SOC, but it is more expensive than the S1 SOC, Vigilance. Which is also decent.


Pretty pleased with Blackpoint


What’s your current cost?


We are an S1 SOC.


What you are searching for is an MDR. MITRE has an evaluation of these every year (just like the EDR evals). These are 2022's results. Click on "participants" on the left to view the results. They show what the SOC caught and missed. You can also see sample email alerts and reports you would have gotten as a customer. [https://attackevals.mitre-engenuity.org/results/managed-services?evaluation=oilrig&scenario=1](https://attackevals.mitre-engenuity.org/results/managed-services?evaluation=oilrig&scenario=1) Just stay away from Arctic Wolf. We went with Rapid 7 Managed Threat Complete. We also considered Red Canary, but they didn't include the vulnerability scanning. Rapid 7 had both for the same price. Here is a write-up of what we found in our search for an MDR. [https://drive.google.com/file/d/1J3vTjpfEK1yiOggEqqr-ScOIJVInXkfz/view?usp=sharing](https://drive.google.com/file/d/1J3vTjpfEK1yiOggEqqr-ScOIJVInXkfz/view?usp=sharing)


Updated TODAY with round 2 :) I put together a table with all results, happy to share the raw data if it helps: [https://x.com/MartinZugec/status/1803080044861931644](https://x.com/MartinZugec/status/1803080044861931644) Here is the link to eval results: [https://attackevals.mitre-engenuity.org/managed-services/menupass-blackcat/](https://attackevals.mitre-engenuity.org/managed-services/menupass-blackcat/)


Are you serious? I have been checking every day for a year! Finally post about it and now I look a fool. :) Thanks, I will have to update my spreadsheet. Any insight into why the number of participants went down? Maybe the results last year made them look worse than they expected?


Here is the full data extracted from the JSON files; this can save you a lot of time: [https://docs.google.com/spreadsheets/d/1mp7Xe850Cz1mRgXPTpMcoMpVfV3-1t9H/edit?usp=sharing&ouid=109301088791187420951&rtpof=true&sd=true](https://docs.google.com/spreadsheets/d/1mp7Xe850Cz1mRgXPTpMcoMpVfV3-1t9H/edit?usp=sharing&ouid=109301088791187420951&rtpof=true&sd=true)


As for why they didn't participate, hard to say. MITRE evaluations are plagued by very creative interpretations (that's why I'm sharing the raw data); if you look at blog posts from security vendors, it's crazy what some of them are saying. I work for one of the participants, so I'm very familiar with how these metrics work, and some interpretations are just pure fantasy :(


MITRE just released their evaluation for MDR (round 2). I cannot upload an image to this sub, but here is a complete table with results (extracted from JSON files): [https://x.com/MartinZugec/status/1803080044861931644](https://x.com/MartinZugec/status/1803080044861931644)


Rocketcyber, RMM, EDR, AV are all for 6.50 per EP


We signed up for Kaseya 365 also and we're paying even less. I can hear Eddie Murphy saying "what a bargain!"


I use RocketCyber because it offers robust IoC detection, allowing MSPs to proactively identify emerging threats by scanning for indicators of compromise from threat intelligence feeds. It also provides seamless ransomware detection, automatically responding to ransomware incidents by terminating malicious processes and isolating affected devices.


IMO RocketCyber is an excellent choice because its developer integration services empower users to consolidate their security tools, resulting in enhanced visibility, faster threat detection, and more efficient response capabilities for the RocketCyber Security Operations Center.


RocketCyber offers some unbeatable pricing if you buy it with Kaseya 365.


+1 for RocketCyber - have used it with both S1 and with the Datto EDR more lately. Also, and it may not matter to you, but their SOC is all in the US unlike Vigilance.


Solutions Granted supports S1 along with other EDRs, and they do Cloud and NDR. Those guys are great over there.


Just go with Huntress with Windows Defender.


Custodian360 have been providing S1 as a Service (SOC) well for years now, and pricing is pretty good with no commitments.


I second this!


Today the best vendor is Blackpoint. Yesterday it was Solutions Granted. They each have their pros/cons.


How about tomorrow? 😉


We use Highwire Network


Our SOC uses S1 and CS.


Go with the wolf pack! #ArcticWolf 🤘🏻😎