I still studying for the CCSP exam. Doing well - confident, but yet to book exam. I have noticed an increase in marketing material for Security as a Service (SECaaS), can I get some validation to my understanding that SECaaS is nothing special other than another SaaS offering with a focus on security? I don't think I've seen it in the CCSP material?
Where would outsourcing a SOC for monitoring/CND sit, I think it would fit in SaaS (labelled as SECaaS?)
Security as a Service (“SECaaS”) is a specialized offering and it depends on the service provider as to what it includes. It doesn’t neatly fit into the Infrastructure, Platform, or Software as a Service (IaaS, PaaS, or SaaS) models that the larger Information Systems and Technology community has coined, and in fact may not fit at all depending on that offering.
SECaaS may be presented in different models, and here are some quick examples:
An outsourcing of people that remote in and monitor your systems, configure security appliances and software, and update (apply patches, definition files, or reinstall software/firmware) as necessary.
An outsourcing model where management of your systems are centralized along with other clients – the SECaaS provider has access to your systems as if they are part of their own network and manages them on your behalf. Some systems may be at the SECaaS provider while others may be at your own data center. For example they centrally manage Anti-Virus, including the licensing on your behalf, and push updates to all their customers as if they are part of a larger enterprise.
A total Infrastructure outsourcing where the service provider is your edge, performing firewall, edge-AV and malware protection, VPN, and could include the other internal services as well. Your internal/external traffic flows through this provider.
Some other model that the particular SECaaS vendor has come up with.