The Dataprise Blog

Security Operations Center: Build or Outsource?

Apr 13, 2021 BY Mary Beth Hamilton

With more technology in use than ever before and even more on the horizon, cybersecurity is a major focus for companies today. In fact, global spending is expected to reach $171 billion next year based on current expenditure. The Enterprise Strategy Group (ESG) also revealed that 62% of surveyed organizations would be increasing their security spending, brought on largely by the vulnerability of at-home workers.

So this ultimately begs the question for midmarket organizations: should a company be building its own security operations center or outsourcing the work to a managed security service provider (MSSP)? Learn more about what it takes to build a center from scratch before making up your mind.

 

Critical SOC Infrastructure

An in-house SOC is undoubtedly a major undertaking for any company, especially when you consider that resources are not always a one-time expense.

 

Security Hardware

Cybersecurity starts with having the right security platforms. This includes servers, firewalls, endpoint security, Intrusion Detection Systems (IDS), and/or Intrusion Prevention Systems (IPS). Keep in mind that with the pace of technology, your hardware is predicted to last anywhere from 3 to 5 years. Usually, though, the number is closer to 3 years (even with regular updates).

 

Security Software

Solutions like multi-factor authentication (MFA) are required regardless of approach, but things get complex with advanced security systems such as a Security Information and Event Management (SIEM) system. A SIEM serves as the brain of your cyber stack, but it is only as intelligent as the threat feeds, alerts and other data fed to it by systems across your environment.

 

Trained Security Analysts & Threat Hunters

First, you must find experienced security analysts and threat hunters who can do more than just execute security runbooks. They must know how to identify true anomalies displayed by the SIEM and conduct rapid incident response.

Just finding these cybersecurity pros is another challenge: there is a global cybersecurity skills shortage. According to another ESG report, 70% of cybersecurity professionals claim that their organization is impacted by the cybersecurity skills shortage.

Finally, because hackers don't keep regular hours, neither can your security analysts and threat hunters. For most midmarket organizations, the standard advice is to have 12 people working shifts that cover every hour of the day, every day of the week. With 12 employees, you can guarantee that you'll have enough people to cover each shift (even if some employees take leave).

 

Ongoing Training

Cybersecurity professionals need industry certifications to do their jobs. If they want to stay up-to-date with new tactics, techniques, and procedures (TTP), they need ongoing education credits. These costs will increase over time, and they're an unavoidable expense if you're going to build a SOC.

 

In-House SOC Hazards

From the initial purchase to the inevitable maintenance, the initial investment for an in-house SOC can be jarring to a CIO, CFO or CEO. Consider that most midmarket organizations have an overall IT budget of approximately $20 million and that 15% of this total budget is usually put toward security. That's approximately $3 million allotted to effectively protect the entire company.

It's never a good time to skimp on security, but the risks are even higher after the pandemic. Both employees and companies are rethinking how the work is done, and this is all music to a cyber criminal's ears.

 

Outsourcing Your Security Operations Center

Outsourcing a center will mean giving up some control, which not every CIO or CISO wants. However, the trade-off is a trained team that specializes in implementing effective security. Experienced MSSPs already have the tools and resources they need, without your having to go through the painstaking process of doing it yourself.

Plus, the right SOC will have all the expertise you need to keep costs down without compromising the quality of your security. Instead of worrying about tracking advancements in cyber systems, reminding workers to update their certificates, or debating the relative merits of four kinds of software, an outsourced team can reduce complexity while ensuring you have cutting-edge security protection.
