Blog — Dec 07, 2021

Security Operations Center (SOC): Build or Buy?


Over the past year we have witnessed some truly destructive cyber attacks occurring on a global scale. Although cybersecurity teams have tried their best to keep up with the onslaught of activity, threat actors have demonstrated their expertise in how they target and deploy cyber attacks time and time again. From the shift towards using a ransomware-as-a-service model to the use of tactical experts as a result of role differentiation within ransomware groups, cybercrime has evolved significantly.

As a result, many organizations are left scrambling to protect themselves against these inevitable cyber threats. Although large enterprises typically have the resources to manage cybersecurity programs in-house, small to mid-size enterprises (MSEs) don’t have this luxury. According to a 2021 Gartner study, the average MSE has allocated only 5% of its IT budget to security.

As a business leader, you must evaluate how to scale your existing IT operations to prioritize cybersecurity and consider which areas of expertise should be outsourced as part of the overall cybersecurity program.

What is a SOC and Do You Really Need One?

A modern Security Operations Center (SOC) is a facility where security analysts use forensic tools and threat intelligence to hunt, investigate and respond to cyber threats in real time. According to Gartner, a modern SOC must have four capabilities: detection engineering, monitoring, incident response, and threat intelligence.

The role of the SOC is to protect an organization from known and unknown cyber threats that can bypass traditional security technologies. While every organization should have access to a SOC facility, not many have the resources required to build their own in-house SOC. In fact, a 2020 study by 451 Research shows that only 44% of organizations with under 10,000 employees have access to their own SOC.

So, now you must decide: should you build your own SOC in-house using your own staff, technology, and resources or should you outsource SOC capabilities by enlisting the help of a Managed Detection and Response (MDR) partner?

Are You Ready for an In-House SOC?

Building an in-house SOC facility isn’t an overnight decision. Beyond the years of commitment needed to design the facility, your cybersecurity team must consider the financial investment required to arm it with the best people, processes, and technology. By a conservative estimate, the first-year cost alone of building a SOC for a 1,000-employee organization can be upwards of $2.2M.

Considering the up-front and ongoing investment involved with building an internal SOC, a growing number of organizations have turned to a Managed Detection and Response (MDR) provider.

However, if you’re still thinking about building an internal SOC, start by asking these critical questions:

1. What is the annual budget you have allocated toward the SOC?

Is your organization prepared to invest millions of dollars and several years in building a SOC? The ongoing CapEx and maintenance of an in-house SOC are costly, so you need financial and organizational buy-in for the project.

By contrast, using an external SOC provider is significantly more cost-effective. So, work with your internal stakeholders to determine budget, responsibilities, and timing before making your decision.

2. Can your team of security analysts support 24/7 in-house SOC operations?

Keep in mind that although you need 24/7 coverage, you don’t need 24/7 in-house operations. Depending on your current risk tolerance, staffing a 24/7/365 SOC becomes a costly endeavour.

If you outsource your SOC operations, you have the option of splitting time with your SOC provider (i.e., your security analysts work from 8-5 while the provider covers your team outside of those hours) or of relying on the provider for full 24/7 operations. The latter option also gives your team access to expert analysts, so you don’t have to worry about attracting and retaining skilled analysts yourself.

3. Who is going to design the SOC?

Do you have the skilled expertise necessary to design this in-house or the required budget to attract the right person for the role? Considering that building a SOC is a multi-year project, you need to be confident that you can retain the talent needed to see the project through from start to finish.

By leveraging an external SOC provider, your team can access a fully operational 24/7 SOC within weeks of deployment. Plus, you don’t have to plan for attracting and retaining the required expertise – your SOC provider shoulders that responsibility.

4. Who will document SOC processes and procedures?

There are governance, risk, and compliance frameworks you need to consider as you set up your internal SOC. You need to address these before scaling your SOC operations, so it’s your responsibility to learn about the regulations facing your business or industry and map out your requirements from the very beginning.

5. How will you interpret and deliver threat intelligence insights?

Detection engineering is a key capability in a modern SOC, and it requires that your team be able to innovate at the same pace as cyberattackers. An external SOC provider, on the other hand, gives you the expertise of a Threat Intelligence team that correlates and enriches intelligence from daily SOC investigations to deliver key insights.

An added benefit of working with an external MDR provider is that you can take advantage of their robust customer base to drive further threat intelligence. Lastly, consider the importance of response times as part of your SOC operations. Without good threat intelligence, or with reduced SOC operational capacity, it can take several hours (even days) to detect and respond to threats.

Engaging an external MDR provider will drastically improve how fast a potential threat is detected, investigated, and contained. What’s more, your team will also get full incident response and remediation support with digital forensics capability.

6. How will you demonstrate value to the executive team and board of directors?

Since setting up a SOC is a multi-year commitment, reporting on critical KPIs such as Mean Time to Contain, Mean Time to Detect, number of threats disrupted, and the impact on the overall business is key to justifying the investment and demonstrating its value.

On the other hand, if you work with an external SOC and MDR provider, it’s their responsibility to report on the key KPIs and metrics based on your business objectives and priorities so that you can convey the ROI to your executive team and the board of directors.

7. Do you have enough staff to build a SOC team?

Not only must your organization be able to attract the best security analysts, but you must also be able to retain them year after year and grow the team as your SOC operations scale. Attracting and training this talent may even affect your Time to Value.

However, with an external MDR provider, you have access to elite cybersecurity analysts 24/7. This means SOC deployment takes a few weeks, compared to a months-long process if you’re building it in-house.

8. How are you going to engineer and deploy the technology required to run and manage the SOC?

Building an internal SOC requires multiple product purchases and vendor contracts, and your team will also have to integrate all the tools into a single solution. So, assess your tools, people, and skills to determine whether you have the expertise to evaluate and deploy these technologies in-house.

In comparison, an external MDR provider will have all the fully integrated technologies and skilled expertise in place, which can save your team time and resources.

Try eSentire’s SOC Pricing Calculator

As cyber attacks and zero-day threats become more common, many organizations are realizing they need 24/7 SOC capabilities. Building an in-house 24/7 SOC means considering the security tools, staffing, and operational expenses it takes to do this effectively.

The eSentire SOC Pricing Calculator provides a quick snapshot of the tools, personnel, operating expenses and overall costs you should consider when deciding whether it makes sense to build an in-house SOC. We also let you compare in-house costs against eSentire multi-signal MDR with improved detection, 24/7 threat hunting, deeper investigation, end-to-end coverage and most of all, complete Response.

Try the eSentire SOC Pricing Calculator here.

The reality is that regardless of the organization’s size, the answer to protecting your business 24/7 from cyber threats lies in a SOC.

To learn more about how eSentire provides value with security operations leadership, SOC Cyber Analyst talent, and elite Threat Hunters with our 24/7 SOC, book a meeting with a security specialist today.
