We Value Your Privacy

We use technology such as cookies on our website, and through our partners, to personalize content and ads, provide social media features, and analyse our traffic. To find out more, read our privacy policy and Cookie Policy. Please also see our Terms and Conditions of Use. By accepting these terms you agree to your information being processed by Inbox Insight, its Partners or future partners, that you are over 18, and may receive relevant communications through this website, phone, email and digital marketing. For more information on how we process your data, or to opt out, please read our privacy policy. Our policies and partners are subject to change so please check back regularly to stay up to date with our terms of use and processing.

Accept Terms Settings

5 SOC Outsourcing Myths IT Leaders Need to Ignore

{authorName}

NomiosExperts in cybersecurity and networking.

Monday, September 26, 2022

Myths about SOC outsourcing may be preventing you from taking advantage of cybersecurity services that can make a significant positive impact for you and your team.

Article 5 Minutes
5 SOC Outsourcing Myths IT Leaders Need to Ignore

A Security Operations Centre (SOC) is mission control for your cybersecurity function. This is where people, technology and processes align to ensure you’re doing everything possible to detect, protect, analyse and respond to cybersecurity threats.

Having an in-house SOC, a team of highly qualified cybersecurity experts on the payroll, is the dream of many IT leaders and CISOs. Unfortunately, it’s not always feasible as the costs of running an internal SOC can be prohibitive. That’s why you might be thinking about outsourcing and working with a Managed Security Services Provider (MSSP) who offers Managed SOC or SOC as a Service.

As you research your options around SOC outsourcing, you’ve probably come across a few myths about this approach. Perhaps you’ve seen a spot of scaremongering on the internet, or stories from colleagues and peers that raise the hairs on the back of your neck.

While of course there are pros and cons to SOC outsourcing, there are several myths that cause MSSPs to take a deep breath before explaining why they’re plain wrong.

Here, in an attempt to debunk these myths for good, are the most common ones that you should ignore.

Keeping your business secure and connected

For insightful content that helps demystify and simplify our complex industry, follow us on LinkedIn

Follow ifp.ClickDetails"

5 SOC outsourcing myths, debunked

1. Data could be compromised

Of course, you’re right to be concerned that an external provider could compromise your data. However, when you’re dealing with a MSSP this really shouldn’t be a concern. After all, they are cybersecurity experts. Their whole business and reputation are intrinsically linked to their ability to keep your data safe.

Your data also remains in your IT infrastructure, the MSSP doesn’t move it to theirs. In fact, a SOC only looks at the metadata and log files, not the content of the files.

2. You’ll no longer have visibility over your security

In many cases the opposite is true. A Managed SOC provides you with cybersecurity tools that increase your security visibility, tools that you might not have in-house.

The MSSP will also use their own real-time dashboards to provide a single pane view of all the tools deployed on your behalf to monitor, protect and respond to threats. Typically, this will include a SIEM (Security Information and Event Management) for real-time continuous threat monitoring. This pulls data from disparate systems, or uses a separate log management platform, to create a single pane of glass visibility.

You’ll be able to access these too in order to increase your visibility over your environment.

3. A Managed SOC is expensive

It’s also expensive not to have SOC. The main reason IT leaders outsource their SOC is because it’s too expensive to run in-house, and the cost of a data breach is even more expensive.

Consider the following. An internal SOC team usually consists of:

  • An incident responder
  • A security investigator
  • An advanced security analyst
  • A SOC manager
  • A security engineer/architect

Five people at a minimum, costing upwards of £300,000 per annum based on current salary levels. Staffing costs aren’t limited to salaries either, so the cost of staffing a SOC will be higher.

Then you need to factor in the costs of tooling such as SIEM, External Threat Intelligence and Vulnerability Scanning. That could be anywhere between £30,000 to £200,000 depending on the solutions you deploy.

Now consider the cost of doing nothing. The annual Cost of a Data Breach Report 2021, conducted by the Ponemon Institute, puts it at $4.24 million (or £3.79 million). This is an increase of 10% on 2020, and the highest yet since the report was first launched 17 years ago.

Finally, what’s the average cost of a Managed SOC? Typically, MSSPs price on a per user basis, or per number of devices. There’ll also be different levels of support and these are priced accordingly. However, on average you should expect to pay between £65 to £220 per user per month. This could be a lot more affordable compared to the other options.

4. MSSPs don’t understand your organisation

There is a misconception that because MSSPs serve multiple enterprise clients, they only have a high level view of you, your organisation, your IT environment and your security posture.

This can be true of some providers, as not all MSSPs are equal. However, most go above and beyond to understand your organisation and become an extension of your team.

It all comes down to the onboarding process and some of the responsibility for this falls to you. It’s best practice to take the time to outline your organisation’s requirements, your priorities and business goals, so they can align the service with your needs. Make sure that you provide them with all the information requested such as policies and procedures. Work together to define the SOC run book - the set of procedures that are triggered in the event of an incident - especially if some or all incidents are escalated to your internal team.

Communication is key.

5. We don’t need 24/7 security monitoring, we’re only open 9-5

You may be tucked up in bed at 2am but cybercriminals work 24/7. An attack on your server could come from anywhere in the world, at any time, and if no one’s monitoring the network 24/7 that attack could have plenty of time to cause damage.

Insider threats are also a possibility outside of business hours, especially as more people work flexibly and remotely. An employee could check their email late at night and trigger a phishing attack, or a malicious insider might take the opportunity to do their worst when they suspect the IT team is asleep.

Protecting your network out of hours with an internal SOC is expensive. Your security team will expect to be generously compensated for working anti-social hours, while for a Managed SOC provider, it’s routine. If they offer 24/7 threat monitoring and protection, that’s what you’ll get.

As you can see, there are some myths in circulation about outsourcing SOC that really don’t stack up. However, SOC outsourcing is not something to take lightly, and it’s vital that you assess different providers and levels of support to ensure you’re getting the best service possible.

Further Reading

Nomios

Nomios

We design, secure and manage your digital infrastructure. Our enthusiastic and dedicated professionals develop innovative solutions for your security and network challenges. We deliver our best work by fusing extensive experience with analytical thinking and creative strength. In a world overrun with hype, our team offers a no-nonsense approach and practical advice. Our services, methods and communication are clear and agile. We believe strongly in solid partnerships as a condition for shared success. Enabling your business to accelerate and thrive.

 

https://www.nomios.co.uk/

Comments

Join the conversation...

Further Reading