Why we built Defense.com™
Over the years we have observed how the IT security industry has served small businesses, with limited options available to effectively…
Brian Wagner
Chief Technology Officer
15th November 2022
With businesses constantly at risk of Cyber Attacks, leveraging a Security Operations Centre (SOC) is one way for organizations to proactively monitor and manage your threat landscape. A SOC can help your organization implement a process-driven security framework that secures business information against the threat of an attack.
Since COVID-19, 82% of small organisations increased their outsourcing of business services to reflect remote working and increasing business demands. As companies outgrow their resources, outsourcing can help free up time to provide better levels of service, including security. What’s more, comprehensive solutions like SOC-as-a-service from managed security service providers (MSSP) become accessible, giving businesses a greater chance to bolster their cyber resilience.
In this blog, we discuss the challenges that organizations can face when building their own security operations center, and why it’s often much more beneficial to use an outsourced SOC instead.
There is an inherent need for businesses to be vigilant against cyber threats, as in 2021, data breaches for businesses cost an average of between £8,460 and £13,400. A combination of experienced SOC analysts, and powerful tools like Security Information and Event Management (SIEM), work in tandem to proactively stop cyber attacks before hackers can exploit vulnerabilities across your networks.
Having a SOC can be a valuable resource for your business to identify, manage, and respond to cyber threats or incidents. It also provides you with better visibility over your environment to help reduce your level of exposure from an evolving threat landscape.
A SOC is required to operate 24/7 to be truly effective and help your business understand when you’re under attack. It’s important for your organization to acknowledge the benefits and shortcomings involved with procuring a managed SOC from a third party, compared to building one in-house.
One significant benefit of outsourcing your SOC is to ensure your organization has a log monitoring solution, such as a SIEM tool. Log monitoring is important because it allows for the detection, assessment, and management of possible security events. It will also help you to meet compliance requirements to ISO 27001 and PCI DSS.
Logs are important as they give SOC teams visibility of your systems, applications and network. While a SIEM tool correlates the log data, the SOC team will be able to interpret the data and find out what is going on, to help detect suspicious activity and proactively prevent a data breach or cyber attack. Logs can also help security teams investigate the source of a security incident retrospectively, if a breach is detected at a later stage.
By outsourcing your SOC, your business will get access to log monitoring capabilities that will benefit the security of your company and its data.
Log retention entirely depends on your security environment and the security threats that your organization may face. Our security experts recommend retaining log data for at least a year. However, different industries are held to different standards. That is why log retention will come down to budget, industry audits/standards, and compliance frameworks. In which case, log retention of 2 to 3 years may be more appropriate.
For example, under the Health Insurance Portability and Accountability Act (HIPAA), healthcare institutions must retain log data for up to six years. Whereas, businesses that store and process payment card data, are required to retain logs for up to one year to comply with PCI DSS.
One argument for not storing logs for longer than necessary is that if you suffered a data breach as far back as 3 or 4 years ago, and the breach is only now being identified, it’s arguably too late to remediate. Also, it is not cost effective for businesses to store logs for periods longer than is necessary.
Despite the costs and resources required to build a SOC in-house, large enterprises and corporations often benefit from taking this approach, as they can put in both the time and investment to customize a SOC to the needs of the business. However, this is usually out of financial reach for most mid-tier and smaller organizations.
A well-managed SOC requires experienced analysts and the capabilities to work around the clock to deliver full security coverage. Any organization looking to set up a SOC in-house should be aware of its complexities and how it could impact both their security and resources.
With that in mind, let’s explore 5 difficulties your business may encounter when building a SOC and how outsourcing could be your solution:
Building a SOC in-house is challenging and one that requires diligent planning and implementation to ensure maximum cyber protection and ROI. Businesses that are already busy with existing projects or do not have the expertise will find managing a SOC difficult. You should also consider the complexities of configuring, maintaining and managing a SIEM. Without the appropriate security expertise, building and managing a SOC in-house will reduce the effectiveness of your security function. There are several other factors that need to be considered too, such as establishing a budget, who will oversee the project, and how long before a fully operational SOC can begin to perform.
Outsourcing a SOC is easier to implement and manage than if you build one in-house. An MSSP will already have an existing infrastructure in place, including skilled security analysts who are experts at configuring and maintaining a SIEM, to comprehensively deliver instant threat detection and response. SOC-as-a-service also removes the complexity of finding skilled workers and training staff, and MSSPs will already have access to the latest threat detection and response. Therefore, you can expect greater ROI by outsourcing your SOC with little disruption to your existing business structure and operations.
To be effective, SIEM tools must ingest large amounts of log data from a variety of sources to identify suspicious activity across an organization's attack surface. SOC analysts can expect to receive an average of 11,000 security alerts per day, depending on the size of the business, environment, and customer base. This can quickly become overwhelming. Alert fatigue is an issue security teams can suffer as a result of an influx of security alerts. Reasons for this can include false positive security alerts that typically occur due to configuration issues, internal SOC teams not using their resources efficiently due to lack of skills and training, or that their internal threat intelligence tools don’t have automation features to reduce the manual triage of security threats. If security alerts are missed, ignored, or not dealt with in a timely manner, they can expose the business to cyberattacks and data breaches.
Businesses that outsource their SOC to an MSSP have greater peace of mind that their SOC teams are equipped with the necessary tools to mitigate alert fatigue. This means they can continue to provide effective threat detection and response to improve your cyber posture. Outsourced SOCs that leverage automation will streamline security alerts, helping to build a more accurate and efficient triage process and highlighting alerts that require the most attention.
For several years, the cyber security industry has been around 40% short in cyber skills worldwide. In a lagging skills market, security analysts are in high demand making it challenging for businesses recruiting for in-house SOC teams. Businesses will find it difficult to recruit and retain employees due to a low talent pool, high salaries, and the cost to train prospective candidates. This prevents an in-house SOC from providing effective threat detection and response.
With an outsourced SOC, your business will get direct access to qualified and experienced security analysts to monitor and manage a business’ network and digital environment. By outsourcing you remove the burden of recruiting, create new departments, or allocate additional funds for salaries and training expenses. Your SOC service provider will have budgets specifically to cope with skills shortages and employee turnover.
In certain cases, SOC analysts can endure laborious work hours and abnormal shift patterns that can be exhausting and stressful. There are four key factors that are taking a toll on security analysts: burnout due to an increased workload, lack of visibility of a business’ network traffic, being on call 24/7, and alert overloads. High employee turnover due to workplace stress will also impact businesses who struggle to retain experienced personnel in an industry already suffering from a shortage of skilled workers. If security analysts aren’t performing to their full capabilities, or are written off due to work-related stress, businesses may struggle to provide adequate cover to maintain a SOC that delivers strong protection against cyber threats.
An outsourced SOC can reliably deliver proactive threat detection and response 24/7/365. Hackers simply don’t operate on a 9 to 5 basis therefore working around the clock is a commitment security analysts must demonstrate for a SOC to function effectively. Responding to incidents and alerts outside of office hours is crucial in maintaining comprehensive cyber protection. A backlog of incidents can impact your business heavily when the threat landscape is broad and attacks can happen at any time, especially if you don’t have the resources to manage employee turnover.
SOC providers invest heavily in preventing employee burnout, and provisioning for employee vacation and sick leave. This gives your business the benefits of a SOC without the headache and overhead of avoiding burnout.
Building a SOC in-house is extremely costly and takes a lot of time. A SOC can take up to 12 months, or longer, to build from scratch and maintenance is equally Labour intensive. Factors to consider when building a SOC include the operational demands of recruiting experienced analysts and acquiring and maintaining state-of-the-art software like a SIEM tool. Businesses must be fully prepared to handle the expense of constructing a SOC, as considerable time and resources will also be needed before any real-world security improvements are seen.
Outsourcing your SOC will prove to be a cost-effective solution, producing greater ROI. It will also be easier to secure board level buy-in, as you will only pay for the services you need. There are no additional costs required to recruit staff or develop and maintain the technology, freeing up resources to focus on other areas of your business.
Outsourcing your SOC minimizes the burden on in-house IT and security teams and delivers cost-effective security improvements. Most companies find it easier to outsource, as building a SOC will come at a huge cost. That’s why trusted security providers can help you follow best practices and maintain good security, as it’s their business model to solve these challenges, and make high-level defense measures available to you. Outsourcing can also help sustain a consistent and process-driven SOC that gives your business the best chance of maintaining cyber security best practices and proactively defend against attacks.
Brian Wagner
Chief Technology Officer
Share this article
Over the years we have observed how the IT security industry has served small businesses, with limited options available to effectively…
As an IT manager, you’ll know that cybersecurity is a specialist subject with its own skillset, certifications, and technologies…
Discover how you can reduce the overall impact of a data breach and improve your ability to detect and respond to threats with SIEM technology.…
Looking back over the data from the past year always brings mixed feelings. There’s a sense of great achievement as we see unique technologies…
Get actionable cyber security advice and insights straight to your inbox.