Building a Security Operations Center or SOC in order to centralize defenses, coordinate and deploy people, processes, and technology is a growing part of the strategy of information security leaders in even small and medium-sized businesses.
It is more important than ever for organizations to escalate their level of protection against cyber-attacks. As we have seen from the Verizon Data Breach Investigations Report and Ponemon's Cost of a Data Breach Study, not only has the number of attacks increased exponentially over the past years, but the cost of these attacks to business has increased just as dramatically.
Fortifying your organization’s security posture has become one of the top priorities for businesses across all industries.
A SOC is designed to empower security personnel to deliver continuous prevention, protection, detection and mitigation of threats to company systems. SOC teams also uncover vulnerabilities, respond to threats, and handle incidents that may be in progress on your networks or systems. There are many benefits to having an effective SOC including:
There are essentially two ways to go with a SOC: an in-house SOC or an outsourced MSSP (Managed Security Service Provider); each has its own advantages and disadvantages.
Having an in-house SOC obviously costs more up front because of the employee and technology investment, but dedicated employees who know the environment and systems better than a third party can be more efficient, and solutions are easier to customize to your systems. The challenge is that it may be more difficult for them to uncover threats that would be obvious to a company that specializes in identifying malware behavior, and, more importantly, good SOC analysts are increasingly difficult to find.
An outsourced MSSP initially costs less because you're using their hardware, software, and experts. They have the advantage of experience, with analysts who have monitored other environments, and they generally follow proven processes. Further, MSSPs provide service level agreements so that the organizations they serve have a clear understanding of what to expect and when to expect it.
Whether in-house or outsourced, it is important to have best-in-class technology, including antivirus, firewalls, SIEMs, threat detection, endpoint security and more. The standard today is a layered security approach, or as it has been called in the past, defense-in-depth, which creates its own complexities.
One of the reasons the most recent PWC Global State of Information Security Survey is tracking a record number of CIOs and CISOs who are searching for outsourcing solutions is this complexity. The number of analysts and experts who understand the exploding universe of cyber technologies and how they integrate and work together is dwindling. Further, being versed in incident response, digital forensics, malware research, signature-based tools, behavioral-based tools and more is a lot to ask of a small security operations team. It is, however, necessary in order to be protected against the number and sophistication of the attacks we are experiencing.
The most important catalyst for developing SOC capabilities is that over 60% of small businesses that experience a breach are out of business in 6 months or less, according to the National Cyber Security Alliance. And as we have seen over the past couple of years, large businesses like Target, Yahoo, Home Depot, PF Chang's, and others experience significant customer defections and brand damage. We can all agree that attacks are coming at an increased rate, that the malware is more complex, more damaging and better distributed, and that the technologies built to defend against these attacks are more complex and difficult to integrate. Centralizing people, processes, and technology and improving your security posture is critical whether organizations choose to handle it in-house or partner with an MSSP.
In deciding between an in-house or outsourced SOC, there are a few questions to be considered.
In-house: how to build a Security Operations Center
Outsourced: how to choose the right SOC
The answers to these questions should provide you with the foundational information you and your organization need to make an informed decision. Further, simply going through the process of interviewing MSSPs and thinking through your current capabilities will give you the insight you need to scope the challenge.