By Larry Gentry, President and CEO, cStor
The acceleration of today’s cyber-attacks, along with the sophistication of the attackers, is causing every organization to be more vigilant in the face of these global and seemingly around-the-clock threats. Therefore, it’s not surprising that many organizations have or are looking at standing up their own 24×7 Security Operations Center (SOC), or the possibility of utilizing a so-called SOC-as-a-Service solution to accomplish that goal.
The Necessity of a Security Operations Center (SOC)
This uncertain environment means organizations face monumental challenges in protecting their data and data centers. Not only are data centers being attacked more often and in more sophisticated ways, but other factors such as the expansion of remote sites, mobile devices, mobile workforces, cloud deployments and the ever-increasing IoT (Internet of Things) are adding unprecedented levels of complexity to the organization.
One clear trend in the marketplace is the ongoing need for organizations to establish and maintain a coordinated, strategic approach to security rather than a piecemeal plan. That means creating a broader, all-encompassing security strategy that incorporates intelligence gathering, threat assessments, policy setting, awareness training and many other aspects of security.
A complete strategy and rollout plan create a more durable, long-term security program that, when well executed, combine to produce a robust and sustainable security posture for the organization. Companies of all shapes and sizes should incorporate a centralized hub, including all the tools necessary to run a 24×7 SOC, into their plan to monitor their security posture. This is the new baseline to run and protect a company – it’s no longer a luxury reserved for only the largest organizations.
Beyond creating a comprehensive SOC strategy, finding and retaining talent that can effectively and continuously monitor your environment is also now a necessity. Those resources need to have the skills to analyze and manage threat intelligence as it happens and conduct incident analysis in real-time.
Unfortunately, there is a current skill shortage that is not likely to improve anytime soon. If you have a child going off to college who’s not sure what they want to do, I would recommend you ask them to consider this field. There are hundreds of thousands of unfilled cybersecurity positions in the U.S. alone.
Even if organizations can find and retain the right talent, the sheer cost and complexity of setting up a 24×7 SOC can be staggering. Here’s just a partial list of what you’ll need to do:
- Create your strategic security plan
- Buy a SIEM (Security Information and Event Management) system
- Hire at least five highly skilled people
- Ensure you have the right tools at hand
- Have at least one person available every hour of the day (most organizations will need double that)
- Plan the appropriate budget (costs can easily exceed $500,000 a year)
It is critical for organizations to maintain a coordinated approach to protecting their data and their data center(s) 24×7, as attacks now happen every hour of every day.
Given the high cost and extreme complexity of doing it on your own, not to mention the challenges around finding and keeping the right skilled talent, many companies are looking at outsourcing the entire program as a SOC-as-a-Service function. This is often a smart path to advance a broader security program quickly, as you’ll benefit from the provider’s expertise and often accelerate the plan execution compared to doing it all in-house.
The SOC-as-a-Service Alternative
SOC-as-a-Service (SOCaaS) has now evolved into a type of managed service, whereby an organization can outsource the management of its security posture and threat awareness to a managed service provider (MSP). In the SOCaaS scenario, the MSP will usually take responsibility for some or all of the following: firewalls, intrusion detection, response services, cloud and endpoint security, attack monitoring, log management, threat intelligence analysis and, in some cases, even compliance monitoring.
That said, it’s critical to recognize that your organization is still ultimately responsible for the protection of your data, no matter where it resides, or who’s running the security plan.
Why should you consider outsourcing this function? The total cost of these services is significantly lower than the cost of purchasing, installing, and maintaining the equivalent resources in-house, and eliminates the required upfront capital expenditures as well as the cost of hiring, managing and retaining these highly sought-after employees.
Despite the common concern that you might lose control of your overall security plan, we often see just the opposite happen. With an expert guide helping to plan and manage your strategy, you’re likely to feel far more in control than ever before.
Some other good news? SOCaaS has a wide range of services that can be tailored specifically to any organization’s needs. With fixed-price contracts that have a monthly or annual fee, along with service level agreements (SLAs) governing the terms of the contract, these managed service offerings can provide organizations with an efficient and cost-effective alternative to an in-house SOC.
Along with lower initial cost and overall cost benefits, a managed service SOC can help address potential skill gap challenges in the security department, and ultimately free up existing IT staff to focus on other business-critical issues.
Along with the choice of a completely in-house 24×7 SOC or an outsourced SOCaaS, organizations can opt for a hybrid solution. In some cases, cStor clients elect to in-source these functions during normal business hours, and then utilize a managed service model after hours and on weekends. This helps ensure a cohesive plan is operational around the clock.
Other organizations are utilizing SOCaaS to do the logging for compliance purposes. The information is then shared with internal security teams to provide a comprehensive set of analyzed reports and alerts to the organization for ongoing analysis and remediation.
While the market and landscape for SOCaaS continue to evolve, this emerging approach provides an alternative to doing it on your own, and it is proving to deliver the protection organizations need more efficiently and affordably. This is precisely why cStor has partnered with several different industry-leading companies, and uses one of them to provide SOCaaS for cStor’s own internal employees, in order to offer a comprehensive SOCaaS solution that helps ensure our clients get the 24×7 managed SOC they need to protect their business-critical data and infrastructure.