The Security Operations Centre (SOC) remains a critical component of a well-oiled enterprise cybersecurity programme. The SOC is the central hub for the detection, analysis, monitoring and management of security incidents 24 hours a day, 365 days a year. In fact, organisations’ reliance on the SOC has increased exponentially alongside the threats, which means it has to be mature and agile enough to withstand the onslaught of any potential risk that is realised. This is reflected in how much companies are paying to maintain and run an internal SOC – according to the Ponemon Institute, this is $2.86 million annually – and in the fact that 73% of companies believe their SOC is a critical part of their cybersecurity strategy.
However, the real business value is in the services and functionalities inherent within a mature SOC. A SOC has three interconnected components: people, processes and technology. Bringing all three together in an environment that can tangibly deliver on the SOC mandate requires precision, and a centre that deftly does so can be defined as mature. A SOC at this level is capable of detecting attacks from multiple points and threat actors, responding proactively, and mitigating risk to an exceptionally high standard.
The reality, though, is that for most companies, achieving this level of maturity and ongoing investment in functionality and capability is too time-consuming and expensive. And even when they do manage to build a high-performing SOC internally, it is difficult to replicate the visibility and repetitions that managed SOCs have.
Managing any SOC is challenging. It has to be capable of ingesting data from multiple systems, detecting events, analysing alerts, automating standardised tasks, managing multiple systems and touchpoints, reporting on incidents and the environment, and staying ahead of the ever-evolving threat landscape. While each of these capabilities takes pressure off the organisation’s risk profile, it adds pressure with increased demand for skilled security employees and the need to stay up to date with threats and technologies.
McKinsey found that, with cyber-attacks likely to increase by 300% by 2025, customers don’t have the tools they need to stay ahead of the threats. The threat landscape is too complex and is evolving at such a radical pace that security teams and systems are battling to keep up. McKinsey points out that outsourced services are key: companies can lean heavily on security-centred organisations for robust security, and they don’t need to enter the battle for skills either. Organisations can benefit immensely from managed security services as they allow for the development of a holistic security ecosystem without the need to expend resources on talent, infrastructure and maintenance.
The reality is that delivering robust, reliable security services to one’s business is a lot of work and comes at great expense. Outsourcing security services to a managed security services provider (MSSP) plugs that gap and takes away that workload. MSSPs have the operational capability and established SOC best practice to deliver security operations to an exceptionally high standard. They remove the CAPEX costs, the administrative burden and the need to remain on the very edge of security updates and trends by simply delivering everything in one cohesive solution.
And this is where businesses can benefit from that most important of business metrics – return on investment (ROI). The burden of the SOC sits with the MSSP, which means that business leaders can turn their focus to core operations and markets without the need to diversify into security. With a trusted SOC, an organisation will benefit from managed detection and response (MDR), accessible talent with relevant skills, high-end security capability and the latest in technology.
The outsourced SOC is more than a line item: it is part of the business ecosystem and a highly agile tool that delivers measurable ROI across risk reduction, admin, and functionality. On the other hand, as estimates put the cost of running a service such as the SOC as high as $1.3 million a year, achieving return on security investment (ROSI) may be elusive for organisations opting to build and mature an internal SOC.
Ultimately, the most powerful benefit of the outsourced SOC as an enterprise partner is its power to blend people, process and technology into a packaged whole that can plug and play in any enterprise, anywhere.
This article was written by Robert Ngetich, Team Lead, Threat Intelligence Centre, Dimension Data East & West Africa.