During the past decade, security operations centers (SOCs) have become an integral part of the cybersecurity programs of many organizations. When you think of a defined team spending all of its time managing security events and using consistent processes for remediation, you may envision a group of company employees who report to a CIO or CISO. While that description fits the majority of organizations that use a SOC, others opt to outsource some or all of their SOC responsibilities to specialized outside organizations, typically managed security service providers (MSSPs).
A Ponemon Institute survey—sponsored by Devo—of more than 500 IT and IT security professionals shows that the vast majority of respondents (78 percent) currently have a SOC or plan to deploy one.
However, of the hundreds of respondents who currently have a SOC, more than half are outsourcing some or all of their security operations center work.
There are several reasons organizations choose to outsource their SOC responsibilities. The most common motivations are resource limitations (mostly people related), budget constraints, and a lack of the urgency that typically occurs when an organization is hit by a significant cybersecurity incident.
Let’s take a look at each of these reasons and the impact they have on SOC deployment decisions.
We live in an era of ubiquitous technology. Most organizations—businesses, governments, schools, etc.—have a growing appetite for new technologies designed to enhance their operations, which requires skilled professionals to maximize those significant technology investments.
Not surprisingly, the more technologies organizations deploy, the harder—and almost always more expensive—it is to recruit and retain talented experts to operate all of that hardware and software. Nowhere is this more evident than in the world of cybersecurity. Information is more valuable than ever and keeping it safe from internal and external threats is an ongoing battle.
One of the most challenging areas for organizations to attract and keep talent is in the SOC. Make no mistake, working in a SOC is a difficult job, especially for entry-level Tier-1 analysts, the first line of defense, who have a high burnout rate. The pressures of the job and the demand for people who have the skills to do the work are why there are more SOC jobs than qualified candidates.
This inability to bring together an expert in-house team, along with the technologies they need to do their work, is the reason 70 percent of respondents said their organization decided to outsource the SOC. Closely tied to the challenging hiring environment and the difficulty of retaining experienced analysts is the immaturity of in-house SOC teams, cited by 63 percent of respondents as a reason for outsourcing their SOC.
In the chart above, 60 percent of respondents said outsourcing their security operations center represented a significant cost savings. Other areas of ineffectiveness cited most often as reasons for choosing the outsourcing route include the speed of deploying services (54 percent), an improved security posture (42 percent), and improved compliance (39 percent).
For organizations without the resources required to establish and maintain an in-house SOC, selecting an MSSP could provide the needed security expertise without blowing the overall IT budget. The goal is to strike the right balance of improved security and financial responsibility.
Outsourcing all or part of a SOC is also a great way for resource-constrained businesses to focus their in-house team and budget on other areas of effective IT operations, while also addressing challenges such as lack of visibility and slow remediation.
A bigger budget might be the top reason organizations would deploy an in-house or outsourced SOC, but the next two incentives for establishing a SOC involve the ramifications of a security-related event.
Sixty percent of respondents said their organization would likely deploy a SOC if it suffered significant data loss from a cybersecurity incident. And following close behind, 57 percent cited a significant financial loss due to a security event as the compelling event that would drive them to deploy a SOC.
For additional research and survey data, download the full Ponemon Institute report, Improving the Effectiveness of the SOC.
By Jason Mical