IT managers, directors, and executives are feverishly planning their budgets for 2016 as the end of the year draws near. If you are like most, you probably have several scenarios in mind that involve things like upgrading servers, extending software licensing agreements, and adding new technology to your stack to support your growing business.
You may even be considering what could be the most costly, and hopefully most beneficial, line item on your 2016 budget: building a Security Operations Center (SOC).
The benefits of a SOC are numerous: continuous monitoring, real-time analysis of incidents, and quicker time to response. The problem, however, is that building a SOC is costly in both time and expense.
But before you summarily dismiss the notion of building a SOC due to complexity and cost, let’s consider your options.
First, for the fortunate organizations that have big dollars available, you could take on construction of a dedicated SOC.
This process would include items such as:
- Buying/leasing/re-purposing office space
- Procuring hardware and software
- Defining network architecture
- Hiring security analysts to staff the SOC
- Investing in training for this staff on your selected tools
- Developing run books and incident response plans
- Identifying and integrating threat intelligence feeds
This approach is not for the faint of heart as getting a SOC operational is no easy task. You will probably hit snags along the way that could impact your bottom line. Nevertheless, if you have the budget and commitment from all stakeholders involved, building your own SOC gives you ultimate control of security monitoring and incident response.
Another option is to outsource your SOC. With this option, you turn over the keys to a managed security service provider (MSSP) who takes ownership and responsibility for monitoring your security framework as well as responding to incidents. This can be a great option for the lean organizations that want to focus their investments on their business, shedding tasks that are not directly related to their core competencies.
Recently Gartner, Inc. published a great research note outlining what they call The Five Models of Security Operations Centers. This note is definitely worth the read as it provides a roadmap of sorts that companies can use to determine a) if they need a SOC and b) what type of SOC makes sense for them. The models presented, ranging from the lightweight virtual SOC to the behemoth of them all, the Command SOC, show you that when it comes to securing your environment and data there are a number of different approaches you can take.
Bottom line: In 2016, your security will more than likely be tested in one way or another. Make sure you have a plan and the money required to act on it.