I am currently conducting research on emerging trends in Security Operations.  Specifically, I am focusing on how organizations are approaching Tier 1 (alert triage) and Tier 2 (root cause analysis) SOC functions. I would greatly appreciate your input on the following: Are you seeing these functions being outsourced in your organization or others you are familiar with? If so, at what company size or operational scale does outsourcing typically begin? Are there any approximate annual cost ranges you have seen for outsourced Tier 1 and/or Tier 2 activities (including tools and personnel)?

Security Strategy & RoadmapSecurity Operations Center (SOC)
336 viewscircle icon2 Comments
Sort by:
Head of Information Security in Banking4 months ago

SOC function is mostly outsourced in the middle east region.  Most organizations prefer to outsource it considering the capabilities it provides, the dynamic of response, high level of attrition in L1 and L2 analysts, and cost of running it in house.  The cost of outsourcing depends on multitude of factors, depending upon the partner you choose, the services, the scope, etc.  

CIO in Government4 months ago

We are a mid-size government agency employing MDR.  We rely heavily on business familiarity, visibility and managerial control for incident management, RCA & Defect Elimination that balances security and value.  This prevents us from effectively outsourcing the function.

Content you might like

What is your preference when choosing a DDoS mitigation service?

Always-on service47%

On-demand service – traffic is scrubbed only when an attack is detected and mitigated51%

One time use – service is activated upon request1%

View Results

How are you currently managing SIEM costs? Have you found effective ways to actually reduce storage costs for your SIEM?

Read More Comments

As part of our NYSE IPO prep, we’re debating how to communicate our system hardening efforts in regulatory disclosures (e.g., SEC Form 20-F, SFC).

Would you recommend sharing % compliance (e.g., “85% CIS Tier 2”) or sticking to qualitative descriptions of how we identify and mitigate risks? Also, do SFC/ISO 27001 expectations require full ISMS integration, or is a % model acceptable?

Are you planning to improve endpoint security in the next 12 months with any of these additional capabilities?

Patch management: to reduce attack surface and avoid system misconfigurations34%

Malware and ransomware prevention: to protect endpoints from social engineering attacks60%

Malware and fileless malware detection and response: to protect against malicious software47%

Threat Hunting: to detect unknown threats that are acting or dormant in your environment and have bypassed the security controls29%

Not planning to change endpoint security strategy7%

View Results

I'm looking to go for the Certified CISO certification & training as I'm an aspiring CISO. Any recommendations and additional certifications that I should be doing along with that? I already have CISSP. 

Read More Comments