A reported by Ponemon on The Economics of Security Operations Centers: What Is the True Cost for Effective Results” included a number of key findings to consider if you are looking at setting up a SOC, reviewing the value of your current SOC or considering outsourcing SOCaaS. According to the report, the average organization spends $2.86M annually on an in-house SOC with mediocre results. Some of the challenges with internal SOCs include:
- The salary of the average analyst is expected to increase 29 percent in 2020.
- The time to hire and train one analyst is almost one year and on average the analyst stays slightly more than two years.
- The cost effectiveness of the SOC is diminished because those responsible for hiring and training say it takes them away from their other responsibilities.
In response to why it’s so difficult to staff an in-house SOC, respondents gave these reasons (more than one response was permitted):
Internal SOCs simply can’t keep pace with analyst turnover. Outsourcing this function isn’t always the answer either as 32% reported their Managed Security Service Providers (MSSPs) are only moderately effective and 26% said their MSSPs are ineffective. Even for those reporting an ineffective MSSP, 16% planned to stay with the current MSSP because they believe it will be too difficult to transition to another vendor.
It doesn’t have to be this way. By leveraging a SOCaaS, the 24/7 analyst staffing and training burden no longer exists. At Foresite, our analysts have several career paths from advancing in the SOC, to moving into cybersecurity testing, compliance consulting or incident response teams, which helps to keep them motivated and engaged.
Our proprietary software automates alerts using data correlation, threat intelligence and business rules so analysts can focus on validation and not trying to find needles in a haystack of millions upon millions of raw logs. Active threat hunting provides a more proactive approach to looking for adversaries, and through incident response services, the burden of determining next steps when an issue is discovered is no longer solely resting on the client, as we can provide 24/7 access to cyber attorneys, forensics and even public relations to help them through each step, including when an incident goes beyond the IT team and it’s time to get other stakeholders involved in decisions.
As far as making a transition goes, because we own our proprietary tools, we do not have to pass along expensive upfront costs and licensing renewals. We work with clients on a fixed-cost model with no usage charges in order to make our SOCaaS an operational expense and not a major capital investment. This has made is easy for both clients who had their own internal SOC/SIEM and those moving to us from MSSPs able to do so, and in many cases, save money over the previous investment.
Don’t settle with your SOC, it’s simply too important. Make sure you have the resources and the tools to make this critical component of your security and compliance an effective one.