To Build or Buy a SOC – a Cost Comparison

Gartner Research reports that by 2017, detection and response had become a top priority for security leaders, with the trend predicted to continue into 2020 and beyond. This is not surprising, as managing the risk posed by these events and focusing on impact minimization makes good business sense.

Many believe that a security operations center (SOC) is required to enhance your detection and response capabilities in-house, but building an in-house SOC is not the only option to improve detection and response.

In fact, the total cost of building and maintaining a SOC is extraordinary when compared to outsourcing to a trusted managed detection and response (MDR) provider, like CI Security. The outsourced MDR option comes in at a fraction of the total cost of ownership: compared to an in-house SOC, it costs 80% less to hire out SOC capabilities to a trusted provider.

Let’s dig into why it’s so expensive to build your own SOC.

 

Evaluating the Costs of Building a SOC

Security leaders frequently underestimate the cost of running an internal security operations center. We recommend that all those considering building out SOC capabilities review the handful of detection and response options available before investing in a physical security operations center and recruiting to develop an appropriate staffing model.

Siddharth Deshpande, principal research analyst at Gartner Research, notes the level of consideration that IT leaders should give to building an in-house SOC: “CISOs and technology leaders contemplating building their own SOC should be very cognizant of the cost and staffing implications involved in this approach. There are plenty of alternatives to building and staffing an in house SOC, and companies should explore them in addition to the various types of SOC models.”

To support this decision-making process, the team at CI analyzed the pricing of our technology, Critical Insight, and compared it to the physical, digital, and human resource costs associated with running our own security operations center. By reviewing the line items associated with our costs, we can estimate the cost of a security operations center in an SMB organization versus outsourcing those capabilities to a third party like CI Security. To get the full cost analysis, download the white paper, Detection and Response: 4 Options for Security Operations.

 

TL;DR - MDR Beats the DIY SOC Model by 80%

When all is said and done, the cost difference between building an in-house, DIY SOC and outsourcing the capabilities to a trusted MDR provider like CI Security is significant. The white paper provides a deep dive into the costs associated with building your own in-house SOC; you can download it here.

Technology costs are not the main contributor to the overall costs of building and maintaining an in-house SOC. In fact, the model highlights the true driver of the bottom-line costs: the salary and endless recruiting expenses associated with staffing in-demand InfoSec pros. These valuable team players, along with the often requisite CISO, are not only in high demand and commanding high salaries, they are also bouncing from job to job in an employee-fueled hiring market. Companies seeking to hire and retain qualified employees to staff the SOC 24/7/365 will face an uphill battle to satisfy their staffing requirements in the long run. As a result, human resources are a true barrier to entry for affordably building and managing a DIY SOC.

The huge expense associated with building a SOC makes it crystal clear that outsourcing managed detection and response to a quality third-party provider is the ideal option for the majority of organizations, whether a business, government, critical service provider, or something in between.

CI Security would like to learn more about your security needs and help you make an informed decision on building a SOC or outsourcing your security operations for monitoring, detection, investigation, response, and recovery. Our specialty is providing full managed detection and response services, and we have a variety of clients who trust us to do so. We also consult with customers who already have in-house SOCs on their security program initiatives and support continuous improvement in monitoring, detection, and response.

Do you have questions about whether building a SOC is right for your organization? Call us today, and we’ll help you figure out what solution is the best for your company.

Michael K Hamilton CISSP

The CISO