It’s no easy task to weigh the pros and cons of hiring a managed SOC. Running a SOC requires a deep knowledge of your company’s systems, the needs of your security team, possible compliance goals, budget and more. If you’re juggling these priorities and wondering if a managed SOC would be the right solution for you, here are five questions to ask to get you started:
1. What’s my budget?
While an in-house SOC might feel more streamlined, it comes with a hefty price tag. Consider how many subject matter experts (SMEs) are required to staff an internal SOC 24/7/365. (Don’t forget about salaries, benefits, vacations, holidays, sick leave, and attrition.) For most companies who run a SOC, this can mean 12+ full-time employees.
Instead, a subscription-based service outsourcing the task provides companies more bang for their buck. You get access to SMEs, 24/7 monitoring, and more at a fraction of the cost of an in-house SOC. Unless you already have a team of cybersecurity professionals with time to spare on hand and ready to go, a managed SOC is likely going to provide a better value and be up and running more quickly.
2. Will my current systems be more secure with a managed SOC?
The short answer is “yes.” Your security posture will be significantly more robust with a managed SOC on your side than without.
The first step in the process (and the only way to truly answer this question) begins with a thorough and honest assessment of your current security architecture. What tools are in your tech stack, and how do they measure up against the threats you’re trying to mitigate? Do you have the basics of cyber hygiene covered? Are your processes documented? If you have the fundamentals down, whatever managed SOC system you choose will be better situated to protect your systems and data.
3. How will a managed SOC work within my existing IT infrastructure?
Once you have an understanding of the gaps within your system, you can start thinking through the logistics of how to get them covered. Look at the tools you’ve already invested in and think about your security goals. What should a managed SOC team be prioritizing? What threats to your organization are keeping you awake at night? What assets are you most concerned about protecting? Before you sign any contract, decide what success looks like to your organization, and make sure those metrics have been clearly communicated to your managed SOC team.
4. What happens when a threat is detected?
Your managed SOC team will be monitoring your system 24/7, and some threats will be detected outside of the normal 9-5 working hours. You’ll need to ask yourselves some process questions concerning how communication should move between your managed SOC and your internal team – what is the threat threshold for when you should be alerted? Who is the point person who should be alerted? How should that person receive the alerts? Is the expectation that your managed SOC team will tackle threats as they appear, only contacting you if they have questions or after the threat has been dealt with? These are questions that only you and your internal team can answer.
5. What am I looking for in a team?
Take a look back at your larger security goals. Are you bound by the requirements of continuous monitoring for federal accreditation or do you have other compliance concerns? Your goals will help you match the skillsets of different managed SOC teams to make sure that your needs can be met.
On a more interpersonal level, do you feel comfortable communicating with a particular team? A functional SOC relationship is just as much about effective communication and teamwork as it is about technical knowledge. This team will be standing between bad actors and your data, and they will need your continued support. Build a managed SOC relationship that is based on mutual trust and respect.
Interested in learning more about how a managed SOC might work for you? Connect with the experts at MindPoint Group to learn more.