A Security Operations Centre (SOC) is mission control for your cybersecurity function. This is where people, technology and processes align to ensure you’re doing everything possible to detect, protect, analyse and respond to cybersecurity threats.
Having an in-house SOC, a team of highly qualified cybersecurity experts on the payroll, is the dream of many IT leaders and CISOs. Unfortunately, it’s not always feasible as the costs of running an internal SOC can be prohibitive. That’s why you might be thinking about outsourcing and working with a Managed Security Services Provider (MSSP) who offers Managed SOC or SOC as a Service.
As you research your options around SOC outsourcing, you’ve probably come across a few myths about this approach. Perhaps you’ve seen a spot of scaremongering on the internet, or stories from colleagues and peers that raise the hairs on the back of your neck.
While of course there are pros and cons to SOC outsourcing, there are several myths that cause MSSPs to take a deep breath before explaining why they’re plain wrong.
Here, in an attempt to debunk these myths for good, are the most common ones that you should ignore.
5 SOC outsourcing myths, debunked
1. Data could be compromised
Of course, you’re right to be concerned that an external provider could compromise your data. However, when you’re dealing with an MSSP this really shouldn’t be a concern. After all, they are cybersecurity experts. Their whole business and reputation are intrinsically linked to their ability to keep your data safe.
Your data also remains in your IT infrastructure; the MSSP doesn’t move it to theirs. In fact, a SOC only looks at the metadata and log files, not the content of the files.
2. You’ll no longer have visibility over your security
In many cases the opposite is true. A Managed SOC provides you with cybersecurity tools that increase your security visibility, tools that you might not have in-house.
The MSSP will also use their own real-time dashboards to provide a single-pane view of all the tools deployed on your behalf to monitor, protect and respond to threats. Typically, this will include a SIEM (Security Information and Event Management) for real-time continuous threat monitoring. This pulls data from disparate systems, or uses a separate log management platform, to create single-pane-of-glass visibility.
You’ll be able to access these too in order to increase your visibility over your environment.
3. A Managed SOC is expensive
It’s also expensive not to have a SOC. The main reason IT leaders outsource their SOC is that it’s too expensive to run in-house, and a data breach costs even more.
Consider the following. An internal SOC team usually consists of:
- An incident responder
- A security investigator
- An advanced security analyst
- A SOC manager
- A security engineer/architect
Five people at a minimum, costing upwards of £300,000 per annum based on current salary levels. Staffing costs aren’t limited to salaries either, so the cost of staffing a SOC will be higher.
Then you need to factor in the costs of tooling such as SIEM, External Threat Intelligence and Vulnerability Scanning. That could be anywhere between £30,000 and £200,000 depending on the solutions you deploy.
Now consider the cost of doing nothing. The annual Cost of a Data Breach Report 2021, conducted by the Ponemon Institute, puts it at $4.24 million (or £3.79 million). This is an increase of 10% on 2020, and the highest yet since the report was first launched 17 years ago.
Finally, what’s the average cost of a Managed SOC? Typically, MSSPs price on a per-user basis, or per number of devices. There’ll also be different levels of support and these are priced accordingly. However, on average you should expect to pay between £65 and £220 per user per month. This could be a lot more affordable compared to the other options.
4. MSSPs don’t understand your organisation
There is a misconception that because MSSPs serve multiple enterprise clients, they only have a high-level view of you, your organisation, your IT environment and your security posture.
This can be true of some providers, as not all MSSPs are equal. However, most go above and beyond to understand your organisation and become an extension of your team.
It all comes down to the onboarding process and some of the responsibility for this falls to you. It’s best practice to take the time to outline your organisation’s requirements, your priorities and business goals, so they can align the service with your needs. Make sure that you provide them with all the information requested such as policies and procedures. Work together to define the SOC run book - the set of procedures that are triggered in the event of an incident - especially if some or all incidents are escalated to your internal team.
Communication is key.
5. We don’t need 24/7 security monitoring, we’re only open 9-5
You may be tucked up in bed at 2am but cybercriminals work 24/7. An attack on your server could come from anywhere in the world, at any time, and if no one’s monitoring the network 24/7 that attack could have plenty of time to cause damage.
Insider threats are also a possibility outside of business hours, especially as more people work flexibly and remotely. An employee could check their email late at night and trigger a phishing attack, or a malicious insider might take the opportunity to do their worst when they suspect the IT team is asleep.
Protecting your network out of hours with an internal SOC is expensive. Your security team will expect to be generously compensated for working anti-social hours, while for a Managed SOC provider, it’s routine. If they offer 24/7 threat monitoring and protection, that’s what you’ll get.
As you can see, there are some myths in circulation about outsourcing SOC that really don’t stack up. However, SOC outsourcing is not something to take lightly, and it’s vital that you assess different providers and levels of support to ensure you’re getting the best service possible.