Build or Buy? Eight Factors for Measuring TCO on Security Operations Centers

When it comes to security operations, most enterprises need to intensify their efforts with 24/7 threat detection and response, but what’s the best approach? Is it more effective to expand your existing in-house resources or should you trust a provider to do the work? With all the latest artificial intelligence advancements, can you rely solely on technology for effective cybersecurity defense? Analyzing the total cost of staffing a security operations center (SOC) and calculating return on investment can help you arrive at the right decision. Here are eight cost factors and some key trends to keep in mind as you decide if the do-it-yourself approach is best suited to strengthen your security posture.

Key Trend: Blurred Borders Call for SOC Scalability

With trends in edge computing, mobility, bring-your-own-device, and with IoT connecting more and more devices, the network is becoming an ever-expanding entity. Much like urban sprawl, the network’s blurred borders create an increasing amount of “ground” that SOC teams must cover. The takeaway: The SOC’s workforce and the technologies backing it must be as fluid and adaptable as the extensive IT environment.

Key Trend: In a Tech-Driven and Cloud-First World, Human Intelligence is Still Critical

Today, there is a dizzying array of security products that claim to automate the collection, correlation, and analysis of everything happening on your network. While advancements in security technologies are taking us to new heights, these products still require a certain level of human effort to work as advertised.

  • Machine learning and artificial intelligence are good at spotting anomalous behavior, but security analysts still have to investigate all of the findings. The technology is also still imperfect and error prone: even teams working from AI-driven reports will investigate only to find that the “top threats” weren’t actual attacks by malicious hackers.
  • The cloud’s shared security model is taking some security pressure off the SOC, but enterprises that have migrated infrastructure, platforms, and apps to the cloud do not shed all security responsibilities. Cloud-first enterprises must still ingest and evaluate security data. Plus, they must verify that the cloud provider is doing its job correctly.

Far from being marginal, the human element remains a firm requirement for security due diligence. In fact, Masergy advises that talent is as much as 50 percent of the success equation.

The Biggest ROI Threat: SOC Staff and Skills Shortage

The biggest problem with security operations is finding and keeping skilled security professionals.

  • According to a 2018 Ponemon Institute study, 57% of companies are unable to hire the appropriate staff to deal with cyber attacks, and Forrester’s 2018 Global Business Technographics® Security Survey states 62% of respondents say their security team is understaffed. Other studies found skills gaps even higher. A Global Information Security Workforce (GISW) Study found that two-thirds of its nearly 20,000 respondents said they lack the cybersecurity professionals needed for today’s threat climate.
  • Even with salary and budget increases, some estimates state there will be as many as 3.5 million unfilled positions in the industry by 2021.

All of this leaves CISOs between a rock and a hard place. The security topography is only expanding, and while technology helps, CISOs will likely struggle to keep as many eyes on security as they need. As such, enterprises need to carefully weigh the factors to arrive at the best decision: build or buy?

Eight Factors for Measuring SOC TCO

To arrive at an estimated total cost of ownership (TCO), CISOs should perform a cost analysis that accounts for the following SOC factors:

  1. Staffing: salaries for tier-1 talent can be estimated at $75,000-90,000/yr and for tier-2 at $80,000-110,000/yr
  2. Time-to-Hire: time needed to recruit experienced talent
  3. Tenure/Retention: average <12-15 months for a security analyst
  4. Coverage (hours of service per day): 4 to 4.5 analysts required for 24/7 coverage
  5. Training and Security Certifications: average training costs for tier-1 about $16,000
  6. Technology: tools including behavior analytics and cloud protections
  7. Threat intelligence subscription
  8. Compliance auditing and reporting

When the average SOC requires at least eight employees, it’s not uncommon for SOC costs to quickly rise above $100,000 each month, in contrast to service contracts that can start at a few thousand dollars monthly. The savings justification typically comes from the fact that staffing, time-to-hire, training, security certifications, 24/7/365 coverage, and tenured professionals are considered non-issues with the right partner. Plus, technologies, compliance, and threat intelligence are often included in the monthly service.

One Masergy Managed Detection and Response customer saved as much as 700 percent on security operations when compared to building an internal team and purchasing comprehensive technologies. Better still, the global medical device company reduces security noise by as much as 75 percent.

While many IT executives find it easy to build a financial case, the key is getting the most scalability and the best talent for your dollar. First, focus on flexible solutions that make it easy to activate and integrate only the security technologies you need to strategically fill gaps. Second, take a close look at the tenure of security analysts and professionals your partner brings to the table, as talent remains a large part of the job.

Masergy’s Managed Detection and Response Services

Here’s how Masergy compares to an average DIY security strategy.

Masergy Managed Security

When you’re ready to investigate managed detection and response services, take a look at Masergy’s integrated cybersecurity platform, advanced analytics, and 24/7 continuous monitoring from tenured analysts. Learn more about Masergy Managed Security.

About Trevor Parks

Director, Security Solutions, Masergy
Trevor Parks is the director for security solutions at Masergy. He is responsible for guiding the development, evolution and implementation of Masergy's Unified Enterprise Security services platform. Trevor contributed to the development of the patented Network Behavioral Analysis technology at the core of Masergy’s security solutions aimed at detecting APTs and other advanced threats affecting customer networks.
