Enterprise Security Operation Center (SOC) Spending: Smart Investment?


With potential cybersecurity threats encircling them daily, enterprises want “complete breach intolerance,” or the power to stop all attacks before they damage systems or pilfer data. It’s obviously a tall order.

To understand how enterprises figure to get there, it’s best to follow the money. Those dollars lead straight to maximizing their security operations centers (SOCs) by investing in security software, automation, training and compliance requirements.

But investments alone, however carefully calculated, are not what count most, according to a new study backed by Endgame and conducted by Forrester Research, entitled Achieve Complete Breach Intolerance Through SOC Transformation.

Staffing Skillsets: Can You Keep Up?

What gets enterprises closer to complete breach intolerance is the ironclad commitment to making fundamental changes to their staff’s skillsets, refining the processes and upgrading their tools, according to the 150 security decision makers from large US enterprises participating in the work.

This is the study’s basic premise and conclusion:

  • Organizations are not moving fast enough to secure their systems and data and are sorely overmatched by the increasing frequency of attacks.
  • It is time for organizations to not only catch up or keep up but to better plan against future attacks.
  • Deploying a fully staffed, optimally skilled SOC that is equipped with the right tools and backed up by a strictly followed set of processes to stop targeted attacks is critical.

Build A SOC, Call An MSSP -- Or Both?

With those points firmly in mind, is it wiser for enterprises to outsource their SOCs to an MSSP or a SOC provider or to keep the tasks in-house? A deeper data dive may show us more. Here are five points to note:

1. Breach elimination. 91 percent of survey respondents said that achieving complete breach intolerance was important to their company.

2. Fear of the unknown. 64 percent worry that the next breach or attack they experience could be severe. Add in that decision makers don’t know which system or attack vector will be hit next, and you have a witch’s brew.

3. SOC upgrades. 60 percent are working on expanding or upgrading their current SOC deployment. Nearly 40 percent of respondents experienced three or more types of attacks in the last year, with many facing daily attacks.

Here again, MSSP Alert wonders if it would be wiser for enterprises (and certainly small or midsize businesses) to outsource their SOC requirements to an MSSP or dedicated security operations center.

4. Staff expertise. Only 44 percent of organizations have a tier 1+ analyst, with an additional 44 percent agreeing on the need to improve their staff’s technical skills around endpoint security or find automation tools to fill the expertise gap.

Okay, we'll harp on the point: Time for enterprises to hire MSSPs to close the talent gap?

5. Weakness in tools. 71 percent of respondents are using five or more technologies in their SOC, and a third are using eight or more. 57 percent of organizations accept that breaches will occur as a result of the tools they use, while 15 percent said they have no tolerance for breaches caused by their tools and 27 percent said their tolerance was low.

The Bottom Line on SOCs

It doesn’t take a keen eye to see that SOC optimization is central to achieving complete breach intolerance. Here’s what Endgame and Forrester concluded:

  • The cost of severe breaches is too high to accept. Companies fear a severe attack that results in damage and data loss.
  • SOC teams are using many tools to stop threats but current strategies fail to prevent these targeted attacks.
  • Improving workflows and lowering false positives can lead to key benefits such as rapid identification and remediation of threats.

Now you decide who’s best equipped to tackle those problems -- an MSSP, a third-party SOC provider or the organization itself?

D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.