What to think about when starting a security operations center

If you aren’t continuously monitoring your business network for attacks and threats, you should be: the number of attempts to infiltrate systems is rising — by 50% per week in 2021. Trends like the growth of ransomware-as-a-service and the rise of artificial intelligence (AI) will only lay the ground for more advanced, highly sophisticated attacks in the very near future.

This alarming state of affairs is leading many CISOs, CIOs and executive teams to consider creating an internal security operations center (SOC), a department responsible for continuously monitoring, detecting and responding to such incidents and potential incidents. While there are technologies that can automate this process, a fully staffed SOC is the preferred solution. After all, hackers are in many time zones and don’t seem to take a rest. And since the average cost of a data breach in the United States in 2022 was $9.44 million, an SOC seems like a reasonable investment.

5 considerations for running your own SOC

However, there are several important factors for organizations to consider when weighing creating their own SOC for security versus a managed services solution:

1. People. Not every IT professional is a security expert. It’s essential to find people with experience in network systems, laptops, databases and applications, and then security expertise on top of that. They should also be able to monitor systems from a global cybersecurity intelligence perspective and analyze alerts and their priority level as applied to your particular organization. Note that these skills aren’t necessarily learned from books — professionals develop and hone them over time. That makes it challenging to find and recruit qualified candidates, especially during a cybersecurity talent shortage. And for 24/7 coverage, you’re going to need at least four of them, at the bare minimum, which doesn’t leave room for any overlap in hours or time for additional training.
2. Resources. SOCs require advanced software tools, which can include a security information event management (SIEM) system and an endpoint detection and response (EDR) platform. SIEMs provide a comprehensive overview of activity by collecting and analyzing data from devices, applications, servers and users in real-time using rules to define and detect threats. EDR quickly identifies and contains attacks at endpoints. Together with intelligence and experience, these tools enable the SOC to effectively and proactively defend and monitor the complete infrastructure of your organization.
3. Facilities. You’ll need space and equipment for your SOC cybersecurity team with the appropriate physical security to control entry access, as well as the network infrastructure to handle the required segregation, bandwidth capacity and speed. The facility should also have redundancies built in to ensure power and internet connectivity in case of an outage. That could mean expanding, leasing more space or remodeling existing space.
4. Network. If the SOC team catches a threat, such as ransomware or other malware, then they need to segregate it from the corporate network in an area where it can be safely contained. Setting up a segregated network protects critical systems and sensitive data, ensuring the organization can continue to operate.
5. Costs. All of these things require a significant investment. Hiring four people to staff the SOC will run at least $100,000 per person per year. (That’s according to an average salary estimate from 2021, and wages for cybersecurity professionals have only risen since then.) Licensing and maintaining enterprise SIEM and EDR software also incur costs, as do the buildout and maintenance of the physical facility and the network. This all adds up to around at least a million dollars to get your SOC up and running.

When planning an SOC, organizational leaders need to identify what is most critical for their security. Through our managed services, BPM can customize SOC operations according to your needs, whether you already have an incident management process or need a solution built from the ground up. And since we already have the resources, tools and people ready to go, these services are extremely competitive compared to the costs of setting up your own security operations center. If you have ever considered SOC-as-a-service, contact us to find out how we can help.

Learn more about how to leverage BPM’s managed services to realize your organization’s vision. Visit our interactive guide.