SOC Models Comparison
0 likes204 views
Utkarsh Srivastava discusses different models for security operations centers (SOCs): - In-house SOCs are preferred by regulated industries like defense and banking due to privacy concerns, but challenges include high costs and difficulty retaining skilled analysts. Experienced providers can help set up in-house SOCs. - Outsourced SOCs offer immediate benefits through a provider's infrastructure and intelligence, but organizations lose control over sensitive log data. Providers have skilled analysts and build expertise across clients. - Hybrid SOCs store raw logs internally but send relevant logs to providers for analysis, gaining expertise while satisfying data privacy requirements. This balances oversight and outsourced capabilities.
SOC Models Comparison
- 1. Author: Utkarsh Srivastava CISSP, CISA, CEH, ITILv3F, CoBIT3, MCSE, CCNA Security Operations Center Models In-house SOC: Certain industries, especially defense and BFSI, operate under tight regulatory obligations. Hence it is uncomfortable for these industries, to wholly or partially outsource security operations, as it is an integral part of their processes and business. In-house SOC mitigates security risks of sensitive activity log data loss. In contract, in an Outsourced SOC, organizations do not place the highest importance to the confidentiality of their security logs or analysis data, after the completion of the SOC contract. While building and operating a SOC in-house over a period of time, organizations gain capabilities in their security and incident handling process. Challenges in operating an in-house SOC: Organizations may take years to realize the cost-benefit ratio and thus may find it difficult convincing the board. SIEM tool licensing, threat intelligence, infrastructure setup and scaling up ongoing operations are some considerations. One more possible risk is of not being able to procure skilled SOC analysts and incident handlers. However, many experienced Security Service providers help organizations build in-house SOC services for their clients in perspective of the framework, technology selection, process, and skill sets thus making an in-house SOC implementation easier. Outsourced SOC: Many organizations are choosing Managed Security operations (MSSP). In an outsourced model, customer can see the immediate benefits of implementing SOC in their environment by leveraging service provider’s infrastructure, intelligence and capability. Further, businesses need not worry about the core competency of SOC analysts and attrition. MSSPs have ability to retain, train and develop skilled analysts. Undeniably, service providers with multiple clients in different business verticals and geographies, are able to build a knowledge base and tested processes for managing security incidents. Service providers also have the capacity of investing to build and generate threat intelligence to detect real time targeted and persistent attacks. To meet the log security requirements of the customer, as a compensatory control, service providers sign stringent SLA’s and contracts with the organizations. Hybrid SOC: These are a combination of In-House and Outsourced SOC. Due to regulations, customers may prefer log data to be stored within their own infrastructure. However, the selective and normalized log data which is security relevant may be forwarded to MSSP providers. In turn, SOC provider will provide expertise, intelligence and infrastructure to provide the filtered, compressed, correlated, analyzed and prioritized alerts and reports. A Hybrid SOC enables customer to fit the solution to their requirements and arrive to a sustainable capacity plan. This balance helps businesses satisfy its auditors and also showcase the value an outsourced SOC service provider.