There are numerous factors you need to review when deciding which is the best approach for your business. People, process, and technology are foundational for a successful SOC – and each of these pillars has numerous elements within it that you need to be aware of.
Our resource, Is an In-House, DIY SOC Right for Your Organization?, was created to help you decide whether building an in-house, do-it-yourself SOC or outsourcing your SOC and security needs to a security partner specializing in managed detection and response (MDR) is the best route.
People, Process, Technology
The Three Pillars of an In-House, DIY SOC
While no two in-house SOCs are exactly the same, there are three elements you’ll find in each – people, process, and technology. As you determine if an in-house SOC is the right approach for your organization, you need to consider each of these elements, the costs associated with them, and the potential challenges they bring.
People
On average, how much does it cost to hire and retain the talent we need for an in-house SOC?
In Fortra’s Alert Logic TCO Calculator, $10,000 is set as the average cost to attract and hire an analyst at the Tier 1 and Tier 2 level based on our experience. This cost is not inclusive of salary — it is the internal burdened cost of facilitating the recruitment and subsequent onboarding of a new hire. Hiring and retention costs are variable and influenced by the location of the applicant and their education and professional experience. This is a starting cost and one can expect this expense to go up when considering the fully burdened cost of an employee.
The most effective SOCs provide 24/7 monitoring; our experience has shown that for most midsize organizations, you will need a minimum of 11 security professionals in your in-house SOC. Ultimately, the number of SOC personnel will depend on the number of assets you have, the level of service, and the number of alerts at each level generated by the critical assets in the environment.
What type of roles are necessary for an effective SOC?
Within your in-house SOC, positions could and should include:
- Tier 1 Security Analyst
- Tier 2 Security Analyst
- Tier 3 Expert Security Analyst
- Tier 4 SOC Manager/Director
While there’s no set-in-stone list, common skill sets include sysadmin skills (Linux, Mac, Windows); programming skills (Python, Ruby, PHP, C, C#, Java, Perl, etc.); and security skills and certifications (CISSP, GCIA, GCIH, GCFA, GCFE, etc.). Additionally, there’s a host of soft skills your SOC team members should have, such as extreme curiosity to get to the root cause of a problem and the ability to remain calm under pressure.
Process
The processes your SOC must follow will vary based on industry, geography, and the nature of the services and products your organization offers. Whether mandated or serving as frameworks, these standards will help your organization deploy industry best practices and enable the best path to scalability for future growth.
Common standards and frameworks that will fall within the responsibility of the SOC include:
- GDPR
- NIST
- HIPAA Compliance
- PCI Compliance
- HITRUST
- SOC 2
- ISO/IEC 27001
Technology
SOC Management Tools
- Incident tracking and management system
Data Center/On-premises Management, Maintenance, and Mitigation Platform
- Asset discovery and monitoring systems
- Compliance monitoring solutions
- Data monitoring tools
- Endpoint protection systems
- Extended detection and response
- Firewalls and antivirus software
- Identity and access management
- Intelligent automated application security
- Intrusion prevention/detection system
- Security information and event management
- Security posture assessment ratings
Cloud Management, Maintenance, and Mitigation Platform
- Cloud infrastructure entitlement management
- Cloud-native application protection platform
- Cloud security posture monitoring
- Cloud workload protection platforms
- Kubernetes security posture management
Next Steps
Now that you’ve identified the people, processes, and technologies necessary for an in-house, DIY SOC, you may be questioning whether this is the right solution for your organization. Would partnering with an external resource that provides unrivaled security for any environment, 24/7 coverage, and industry-leading service value be a better fit?
For many organizations’ security needs, the right approach is to find a balance between managing some cybersecurity operations internally and partnering with an external MDR solutions provider.
Fortra’s Alert Logic – the Most Comprehensive MDR Coverage for Your Organization Providing Industry-Leading Service Value
While an in-house, DIY security operations center has some benefits, for most organizations the high costs and expert-level personnel needed to operate the SOC are simply not realistic. Instead, they choose an external partner who provides unrivaled security for any environment, using technology and expertise that offers the industry’s most comprehensive MDR coverage. And that partner is Fortra’s Alert Logic Managed Detection and Response.
Our MDR solution delivers comprehensive coverage for public clouds, SaaS, on-premises, and hybrid environments. Our continuous threat detection and security expertise give you the peace of mind that your environment is being monitored 24/7 by a global SOC that delivers actionable insights based on leading emerging threat hunting and intelligence. And this level of security is available in a fraction of the time it would take an organization to develop, launch, and maintain an in-house, DIY SOC on its own.
With Alert Logic MDR, you’ll have:
- Scalable MDR platform
- Extensive breadth and depth of coverage across your entire IT architecture
- Unrivaled security expertise with 150+ SOC and threat intelligence experts
- Comprehensive coverage against known and unknown threats
- Incident validation
- Broad and deep coverage across hybrid and multi-cloud environments
- Customer-first mindset and 20+ years’ experience delivering measurable service value
- Single point of security expertise who becomes an extension of your team
- Automation at your own pace
- Protection tailored to each asset in your estate
- Unwavering commitment to continuous product innovation
- Adaptable to your security and compliance needs
Ready to Find Out More About Alert Logic MDR?
You’ve done the research, looked at the costs, examined your in-house margins. You’ve learned that partnering with Alert Logic for MDR will be a small fraction of the cost of building and maintaining an in-house SOC. You don’t have to do it alone. Our expertise, service, and technology can be your advantage.
Let’s get started on your MDR journey with Fortra’s Alert Logic! Our cybersecurity experts are ready to collaborate with you.