With every study and high-profile data breach publicized, it becomes more apparent that companies need to make protecting their systems more diligently. This leads to the question of whether an organization should go with an in-house SOC or MSSP (managed security service provider). In this article, we will discuss considerations for each.
A survey conducted by KPMG in 2016 revealed that over two-thirds of companies that have never been the victim of a cybersecurity incident believe that they are unlikely to be a victim in the future. However, in the same year, 46% of businesses surveyed experienced some type of cybersecurity breach. The threat of a cybersecurity incident is real, and organizations need to be prepared to protect themselves.
The trouble with cybersecurity is that attackers and defenders have an asymmetrical relationship. A defender needs to identify and fix every potential vulnerability in their systems while an attacker often needs to find only a single one in order to compromise a system or network.
The global nature of the Internet means that attacks can occur at any time, and, in many cases, the time that a defender has to react between initial infection and complete compromise can be measured in hours or even minutes. For example, ransomware often begins encryption of files immediately upon compromise, so the damage is done as soon as the malware begins to run.
The threat posed by malware and other cyber threats means that organizations need comprehensive, continuous protection. The two main options an organization has been deploying an in-house Security Operations Center (SOC) or employing an MSSP (managed security service provider).
An in-house Security Operations Center (SOC) is simply a department in your organization that is tasked with monitoring your network for any indications of cyberattack and responding to any potential incidents. Often, this group is associated with the IT department; however, the need for 24/7 coverage and more specialized skillsets means the SOC employees focus solely on network defense rather than customer service.
A Managed Security Services Provider (MSSP) is an external organization that your company contracts with to provide cybersecurity monitoring and incident response services to your organization. Like any other contractor or vendor, your organization negotiates services, service level agreements, and terms of service with your MSSP.
The decision between an in-house SOC and an external MSSP (managed security service provider) is an important one since the security of your organization’s network, reputation, and sensitive data is in the hands of this group. As with any other business decision, the best way to choose between an in-house SOC and an external MSSP is through threat intelligence to help inform the risks and potential return on investment for each option.
When deciding between an in-house SOC versus an MSSP, it’s important to be realistic about the considerations, challenges, and expenses of each and how these factors weigh in importance to your organization. For instance, if keeping down costs and avoiding hassle are your highest priorities, outsourcing to an MSSP is probably the better choice. If retaining complete control of the tools, processes, and personnel employed in your operations is paramount, an in-house solution is better.
We've developed an e-book comparing the two options including the advantages and disadvantages of both, staffing costs, as well as costs associated with building a security operations center (SOC) versus outsourcing. Download the e-book!