
The SOC Dilemma: Build, Buy or In Between?

IT security teams have a very difficult job, with an ever-changing threat landscape and the fact that a cyberattack only has to succeed once for an organization to be negatively affected. At the same time, most organizations are strapped for resources, especially when it comes to training and keeping experienced in-house security staff. A recent study conducted by Cybersecurity Ventures on the cybersecurity skills shortage found that the staffing shortage will grow to 3.5 million open positions by 2021.

Now, more than ever, organizations need to think about whether it makes sense to fully manage their own security operations in-house, share their cybersecurity responsibilities with a managed security services provider (MSSP), or outsource their cybersecurity operations completely.  

To Build Or Not To Build

Many organizations that currently operate an in-house security operations center (SOC) started on this path at a time when there were fewer acceptable alternatives. Large organizations with the scale to build SOCs see the benefits in terms of control of operations and data and the ability to customize processes to their specific needs. CIOs making the build vs. buy decision today would likely weigh the pros and cons differently from their predecessors.

For starters, the cost of hiring, training and retaining staff will only increase as the cybersecurity skills shortage continues to grow. While the upfront costs of investing in security products and operational systems are significant, the real challenges are the time it takes to operationalize these investments and the high risk of building a security operations center that does not effectively prevent security breaches. In-house SOCs also risk becoming insular and are seldom the first to identify and respond to new threats.

Building a SOC from scratch can take 18 months. Time and resources are consumed with hiring staff, acquiring and optimizing technology, building security use cases, fine-tuning threat intelligence and analytics, defining and documenting procedures and more. Like any significant project, the risk is that it will take longer and cost more than originally planned.

The Co-Managed/Hybrid Model

In a hybrid model, the duties of managing the SOC are shared between the organization and an MSSP. Through co-management, enterprises can build on the existing investments they have made in people and technology. Picking and choosing the services they need most, leveraging advanced use cases and content, and extending their security monitoring to 24×7 coverage enables IT security teams to become more effective and responsive.

In a co-managed security model, the cost savings can be significant compared to keeping everything completely in-house. Based on a three-year total cost of ownership, the cost of a co-managed SOC model is typically half the cost of an in-house model.

Completely Outsource

A third option for enterprises is to outsource the SOC completely and leverage a managed security services provider’s expertise and resources. This will greatly improve overall scalability and can save on costs associated with having to build your own cybersecurity program from scratch, or share SOC management duties.

Just like the other two options, there are pros and cons to the fully outsourced model as well.  

Cons: Outsourcing security operations to a managed security service provider creates a dependency on a third party and requires coordination between the internal and external teams. Depending on the MSSP’s ability to customize their services, organizations may have to compromise on the method of service delivery. Where an MSSP can align the way it detects threats, escalates alerts, and responds to security events to a customer’s unique environment, the efficacy of their service is considerably increased. Therefore it is important to choose an MSSP that is responsive and can be a true extension of your IT team.

Pros: At its heart, the job of a SOC is to accurately detect indicators of attack or compromise and quickly contain them. To do this effectively requires a significant investment in people, processes, and technology. Many organizations simply do not have the budget, expertise or scale to perform this function completely in-house. Staffing this function requires a range of talent that includes SIEM content development, security engineering, threat research and tiers of SOC analysts. Hiring and retaining this talent is less challenging for MSSPs, which have the opportunity to provide a career path for employees. Experienced MSSPs are better able to operate a 24×7 security monitoring service or distribute the function on an around-the-clock basis.

The decision to use an MSSP is not just a question of cost and logistics – it is also an efficacy issue. After all, nobody is thanked for “failing cheaply”. By choosing the right MSSP, an organization should benefit from a world-class security detection and response service which can be quickly implemented, tailored to the client’s needs and is scalable. Effective MSSPs use both advanced analytics and expert investigations to detect and prioritize relevant threats and discover suspicious behavior. New threats often move across industries and geographies and MSSPs can use their visibility into their diverse customer base to minimize the risk of a security breach.

Next-generation firewalls and endpoint security products are an important part of a modern cyber defense strategy. However, not all organizations have the expertise to deploy and manage these technologies. MSSPs can offer services to off-load management tasks like configuration management, tuning, patch management, and managed response, as well as maximize the effectiveness of these investments.

Choosing What’s Right For You

When business decision-makers are trying to choose the right solution, whether it’s building an in-house SOC, co-managing or fully outsourcing, there are a number of questions they should ask themselves, including:

  • What is your existing approach to security operations and how is it working?
  • Do you have the budget and ability to recruit and grow an in-house team?
  • What is your organization’s risk profile as it relates to cyber threats?
  • How dynamic is your environment – is your organization growing, acquiring companies, introducing new services or products?

It’s important to assess the needs of your organization, thoroughly evaluate potential providers, crunch the numbers, and consider your timeline before choosing the deployment or an MSSP that’s right for you.

If you find yourself needing an MSSP solution, check out our customizable services here.
