Buy, Rent, or Uber Your Security Operations Center
October 17, 2018
We all know that data breaches cost a lot—an average of $3.6M per organization.
For cyber criminals, everyone’s a target—and perfect prevention isn’t practical. We must assume that, at some point, every organization’s IT infrastructure will be breached. That’s why we need to continuously monitor, investigate, and respond to cyber threats 24/365 if we are to avoid costly breaches and the potential impact to reputation, revenue, and customer confidence.
What better way to provide continuous monitoring and analysis than through a security operations center (SOC)? With the people, processes, and platform to continuously look across the entire organization’s networks, servers, endpoints, applications, and databases, a SOC applies expert knowledge to detect and dig into potential threats. One of the key benefits of a SOC is preventing the devastating impact of a breach by reducing the dwell time (the time between when an attacker compromises a network—minutes—and when the organization discovers the threat—typically months!)
Cost and complexity are roadblocks
Any way you look at it, a SOC is complex and expensive. It requires a lot of specialized hardware and software to generate events and alerts, which must be examined by highly skilled security analysts who can determine which ones represent real threats.
The platform is costly.
You need a well-tuned SIEM (security information and event management) to provide the visibility foundation, along with firewalls, IPS/IDS, vulnerability assessment tools, endpoint monitoring solutions, and more. All of this must be fed by threat intelligence that is specific to your organization’s goals and risk tolerance, and the results need to be augmented by machine learning and fine-tuned by human experts.
Processes are costly as well.
Detailed organization-specific playbooks need to be written, spelling out what should happen when ransomware, malware infections, distributed denial of service attacks, or other threats are seen. They specify how to investigate, what evidence to gather, and when and how to escalate.
Perhaps the most expensive component is people.
It’s difficult enough to hire a team of highly skilled security analysts with the bandwidth and expertise to perform continuous monitoring, while we are experiencing a worldwide shortage. It’s even harder to retain them in the face of stiff competition for scarce talent.
The Complete SOC: Platform. People. Process.
Finding the best route
Reaching the goal of continuous coverage is not a simple make/buy decision: it’s more of a buy/rent/co-manage decision: should you build your own SOC, outsource your SIEM (or SOC) platform, or leverage a co-managed SOC solution.
1. Building your own SOC is akin to buying a car to get from Point A to Point B.
You incur all the platform, process, and people costs – but you are in total control over where you are going and how to get there (i.e. what your organization sees as risks, threats, and responses). Of course, the cost and complexity could be prohibitive.
2. Outsourcing your SIEM or SOC platform is like renting a car.
You don’t have to make the capital outlay for hardware, but you still need to carry out all the processes—and you must hire, train, and retain your own SOC team. It’s less expensive than building your own SOC, but still quite pricy.
3. Leveraging a co-managed SOC solution is like using Uber to get to your destination.
You augment your own internal team with seasoned security experts with mature processes driving a powerful SIEM platform, yet you remain in control of the ultimate destination. A co-managed SOC ensures that the collective team is operating in concert to reach your organization-specific goals.
Uber your way to a SOC
The goal is to get from Point A (your organization’s current security and compliance posture) to Point B (stronger security posture, compliance confidence, and incident readiness). Clearly, the most cost-effective way to reach that goal is via a co-managed SOC – the Uber approach. You get the best of both worlds: the best people, processes, and platform, at the lowest cost. Not only do you avoid the people and process costs, you retain control over the aspects that are specific to your organization: your risk tolerance, your market realities, and your definition of what’s most important to you.
Maybe it’s time to follow the lead of the ride-sharing world, and take the smarter route to a SOC. Netsurion is the only managed security service provider that combines our own ISO-certified 24/7 SOC with our own award-winning SIEM platform for a truly integrated co-managed security solution.
Take a free test drive of EventTracker SIEMphonic – our co-managed SIEM + SOC service.