Build or Buy? Eight Factors for Measuring TCO on Security Operations Centers

Posted on March 26, 2019

When it comes to security operations, most enterprises need to intensify their efforts with 24/7 threat detection and response, but what’s the best approach? Is it more effective to expand your existing in-house resources or should you trust a provider to do the work? With all the latest artificial intelligence advancements, can you rely solely on technology for effective cybersecurity defense? Analyzing the total cost of staffing a security operations center (SOC) and calculating return on investment can help you arrive at the right decision. Here are eight cost factors and some key trends to keep in mind as you decide if the do-it-yourself approach is best suited to strengthen your security posture.

Key Trend: Blurred Borders Call for SOC Scalability

With trends in edge computing, mobility, bring-your-own-device, and with IoT connecting more and more devices, the network is becoming an ever-expanding entity. Much like urban sprawl, the network’s blurred borders create an increasing amount of “ground” that SOC teams must cover. The takeaway: The SOC’s workforce and the technologies backing it must be as fluid and adaptable as the extensive IT environment.

Key Trend: In a Tech-Driven and Cloud-First World, Human Intelligence is Still Critical

Today, there is a dizzying array of security products that claim to automate the collection, correlation, and analysis of everything happening on your network. While advancements in security technologies are taking us to new heights, these products still require a certain level of human effort to work as advertised.

Much more than a marginal level of significance, the human element still stands firm on the requirements list for security due diligence. In fact, Masergy advises that talent is as much as 50 percent of the success equation.

The Biggest ROI Threat: SOC Staff and Skills Shortage

The biggest problem with security operations is finding and keeping skilled security professionals.

All of this leaves CISOs between a rock and a hard place. The security topography is only expanding and while technology helps, CISOs will likely struggle in keeping as many eyes on security as they need. As such, enterprises need to carefully weigh factors to arrive at the best decision–build or buy?

Eight Factors for Measuring SOC TCO

To arrive at an estimated total cost of ownership (TCO), CISOs should perform a cost analysis that accounts for SOC:

  1. Staffing: Salaries for tier-1 talent can be estimated at $75-90,000/yr, tier-2 $80-110,000/yr
  2. Time-to-Hire: time needed to recruit experienced talent
  3. Tenure/Retention: average <12-15 months for a security analyst
  4. Coverage (hours of service per day): 4 to 4.5 analysts required for 24/7 coverage
  5. Training and Security Certifications: average training costs for tier-1 about $16,000
  6. Technology: tools including behavior analytics and cloud protections
  7. Threat intelligence subscription
  8. Compliance auditing and reporting

When the average SOC requires at least eight employees, it’s not uncommon for SOC costs to quickly rise above $100,000+ each month and be contrasted by service contracts that can start at a few thousand dollars monthly. The savings justification typically comes from the fact that staffing, time-to-hire, training, security certifications, 24/7/365 coverage, and tenured professionals are considered non-issues with the right partner. Plus, technologies, compliance, and threat intelligence are often included in the monthly service.

One Masergy Managed Detection and Response customer saved as much as 700 percent on security operations when compared to building an internal team and purchasing comprehensive technologies. Better still, the global medical device company reduces security noise by as much as 75 percent.

While many IT executives find it easy to build a financial case, the key is getting the most scalability and the best talent for your dollar. First, focus on flexible solutions that make it easy to activate and integrate only the security technologies you need to strategically fill gaps. Second, take a close look at the tenure of security analysts and professionals your partner brings to the table, as talent remains a large part of the job.

Masergy’s Managed Detection and Response Services

Here’s how a Masergy compares to an average DIY security strategy.

Masergy Managed Security

When you’re ready to investigate managed detection and response services, take a look at Masergy’s integrated cybersecurity platform, advanced analytics, and 24/7 continuous monitoring from tenured analysts. Learn more about Masergy Managed Security.

Like this article? Download the eGuide here.

Trevor Parks

Trevor Parks is the director for security solutions at Masergy. He is responsible for guiding the development, evolution and implementation of Masergy's Unified Enterprise Security services platform. Trevor contributed to the development of the patented Network Behavioral Analysis technology at the core of the Masergy’s security solutions aimed at detecting APTs and other advanced threats effecting customer networks.

Related Content