Advantages of the Security Operation Center
As of the date of this article, the number of hacks and their impacts has been growing exponentially. From SolarWinds to Colonial Pipeline to JBS, hacking has increased and impacts the bottom line of each of these companies.
A recent IBM study shows the average 2020 cost of a data breach is $8.64MM. Moreover, Verizon’s 2020 Data Breach Incident Report found a 96% increase from the 2019 report. A Forrester 2020 State of Security Report found that only 47% of organizations said they are able to address most or all of the security alerts they receive in a single day.
What does the company leadership do?
What is a SOC?
The cyber security landscape is dynamic. Many IT security teams are stretched to their limits, finding it challenging to manage the ever-multiplying threats and sometimes even decipher real risks from false alarms. To combat this and more quickly identify authentic threats, many organizations have turned to the option of building their own security operations center (SOC).
The SOC is a dynamic security operation center that hunts down and responds to malicious or anomalous behavior and other abnormalities in a network. It is analogous to a US Army unit operating behind enemy lines continuously, 24x7x365. Another comparison is with a Network Operation Center (NOC), which monitors the network on a 24x7x365 basis. The big difference is that the SOC is solely focused on security.
While the intention of this process is to mitigate cyber threats in real time, a major deterrent of an exclusive, or DIY, SOC is that it can be very expensive to run and can have a tremendous impact on the bottom line of the company. Gartner validated that small companies need 8-12 resources internally to build and manage a SOC with cyber security certified experts [1]. On average, these resources range from $100,000/yr to $150,000/yr fully loaded [2]. From there, add on the technology stack, and a business is paying millions of dollars for its own SOC.
An alternative has come into existence, though: the Security Operations Center as a Service, or SOCaaS.
What is SOCaaS?
The market is filled with lots of noise about SOCaaS. This service delivers cyber security people, process, and technology to its customers. Simply put, businesses outsource all of this to a vendor instead of trying to run the SOC themselves. This option allows companies to redeploy dollars not spent on the SOC for other critical business needs. The technology the vendor uses can sit on top of the current IT stack, or currently deployed technology, that the company has in place today.
Not every vendor who markets themselves as a SOCaaS is actually delivering this service. As noted earlier, a SOC runs 24x7x365. Small businesses will have 8-12 cyber security certified experts monitoring, responding, and remediating malware and ransomware threats along with other threats to the network. Moreover, the technology stack they bring in will include both active and passive components. The Manage, Detect, and Respond (MDR) component actively detects and responds to threats including stopping a hack in its tracks and remediating the breach. The Managed Risk (MR) component scans internal and external environments including the dark web, while the Cloud Security component manages cloud computing security posture.
The expectation for implementation of such a service is about 30 to 45 days depending upon the size and complexity of a business.
What are the benefits?
The major benefits of outsourcing a SOC to a well-established SOCaaS vendor include lower cost, a dedicated team, and better service, allowing you to stay focused on your wildly important goals.
The cost for a do-it-yourself (DIY) SOC may run a company several million dollars per year, whereas an outsourced SOC, or SOCaaS, may run as little as the cost of one fully loaded cyber security analyst. However, every company has its own unique needs and environments that will determine the actual cost.
Outsourcing to a SOCaaS vendor provides access to industry experts in cyber security who are dedicated to your account. They are your 24x7x365 security team.
A SOCaaS vendor provides nothing but cyber security services. Their people, process, and technology are focused on taking care of their customers’ needs 24x7x365.
A SOCaaS vendor provides better service to:
- Simplify data collection from everywhere
- Consolidate the security stack
- Turn data into metrics
- Provide simple, real-world guidance that enables compliance and provides paranoid security operations
- Automatically eradicate security threats so that clients do not have to
Arne Pedersen is the President of The LAN Network (“TLN”), a cyber security company in Indianapolis.