The Intricacies of Constructing an Efficient Security Operations Center

Security Boulevard – Alex Vakulov
When deciding between an in-house security operations center (SOC) or an outsourced one, there are several factors to consider.
Management policy plays a significant role in determining the future of SOC in an organization.
Some companies may prefer to keep IT and information security processes in-house due to concerns about privacy, protecting their brand’s reputation, strategic planning, and more.
However, creating an in-house SOC may not be feasible for all companies.
Here are three critical factors to evaluate before constructing an in-house SOC:
1) **Budget**: Setting up and operating a SOC can be a significant financial undertaking.
Costs may include design, security tools, staffing, integration development, incident identification routines, response mechanisms, and more.
Even if a company outsources some aspects, handling the remainder in-house can lead to unforeseen challenges and additional expenses.
2) **People**: Hiring and training SOC staff is crucial, and the local talent pool largely determines whether it is realistic.
It’s beneficial to contact the information security departments of local universities, as they may have potential candidates.
It’s also worth investigating whether experienced SOC analysts and architects are already available for hire in the region.
3) **Time**: Establishing a SOC takes time, and budget holders often underestimate it.
Deploying the technical infrastructure alone can take up to six months, and establishing workflows, hiring staff, and reaching full functionality and efficiency may require up to two years.
If a company has carefully evaluated and accounted for these critical factors and believes it is in a favorable position, building an in-house SOC can be a viable option.
However, if there is uncertainty or a shortfall in any of these factors, outsourcing the SOC may be the more prudent choice.
Once the decision to pilot an outsourced SOC is made, it’s important to gather proposals and define the fundamental requirements.
This includes clarifying why the organization needs a SOC, identifying the likely threats and the assets they target, and envisioning how the SOC should evolve over the next few years.
After analyzing the proposals and comparing them with these requirements, a shortlist of providers can be selected for the pilot project.
When conducting a pilot project, there are two approaches to consider:
1) Piloting multiple service providers simultaneously: This allows a direct, side-by-side comparison of incident detection scenarios and response quality against the same events.
However, connecting the same security event sources to several providers at once, and understanding each provider’s detection logic, can be challenging.
2) Piloting service providers sequentially: Each provider can demonstrate its capabilities without conflicts over how the event sources are configured.
This approach leaves more time to evaluate and understand each provider’s specifics, but it prolongs the overall testing period.
During the pilot project, it’s essential to assess the team managing the project on the provider’s side, evaluate how much help they give in connecting event sources, and review the quality of their investigation reports and the service level agreements they offer.
In conclusion, whether selecting an in-house SOC or outsourcing it, carefully evaluating critical factors and conducting a pilot project can help determine the right path forward.
Link: https://securityboulevard.com/2023/11/the-intricacies-of-constructing-an-efficient-security-operations-center/