The security operations centers (SOCs) we see in the movies, with their big screens and intense analysts, look great. Odds are good, though, that your budget doesn’t match Hollywood’s.
“It’s very hard and costly to build a 24/7 SOC,” notes Augusto Barros, a security and risk management research director at Gartner Inc. “You need five full-time employees for every seat to cover leave, training, and sick days.”
With unemployment virtually nonexistent for security specialists, providers won’t have an easy time finding a significant quantity of qualified engineers either, notes Will Briggs, director of channel sales at Sunnyvale, Calif.-based SOC-as-a-service vendor Arctic Wolf Networks Inc. “If you do find a security expert, a Fortune 500 company will likely grab them up,” he adds.
Outsourcing some or all of your SOC duties to a third-party provider relieves you of such headaches. Barros lists three things to look for in a SOC partner, beginning with flexibility. “Many security services are very static in their offerings, taking a cookie-cutter approach with your clients,” he says. Choosing a vendor-agnostic service that supports all of the hardware and software your customers use is equally important, Barros continues, as is vetting the provider’s processes and people.
As in other product categories, selecting SOC vendors with higher capabilities may result in lower margins for you. For example, Barros says, some outsourced SOCs now offer managed detection and response services. Though such providers tend to be more proactive and dig deeper into issues before getting their clients involved, they also usually charge more as a result.
Whatever you end up paying, having an outsourced SOC on your team can give you an important edge over the competition. “When you offer a SOC, you’re in an interesting market position,” observes Barros. Channel pros with a capability SMBs need—and one the other guys can’t or don’t provide—usually come out ahead when vying for new customers.
Briggs has seen that scenario play out in real life many times. For example, having access to a Fortune 500-grade continuous threat monitoring service made the difference between winning and losing a deal for one Arctic Wolf partner, and the company's log file retention capabilities helped another MSP land a healthcare account that was struggling with compliance requirements. According to Briggs, neither opportunity would have come to fruition had the MSP involved lacked access to an outsourced SOC.
“The only viable approach for a small group is outsourcing,” Barros declares. Going without a SOC is just too risky, and building one alone is just too expensive.