I am currently conducting research on emerging trends in Security Operations.  Specifically, I am focusing on how organizations are approaching Tier 1 (alert triage) and Tier 2 (root cause analysis) SOC functions. I would greatly appreciate your input on the following: Are you seeing these functions being outsourced in your organization or others you are familiar with? If so, at what company size or operational scale does outsourcing typically begin? Are there any approximate annual cost ranges you have seen for outsourced Tier 1 and/or Tier 2 activities (including tools and personnel)?

Security Strategy & RoadmapSecurity Operations Center (SOC)
344 viewscircle icon2 Comments
Sort by:
Head of Information Security in Banking6 months ago

SOC function is mostly outsourced in the middle east region.  Most organizations prefer to outsource it considering the capabilities it provides, the dynamic of response, high level of attrition in L1 and L2 analysts, and cost of running it in house.  The cost of outsourcing depends on multitude of factors, depending upon the partner you choose, the services, the scope, etc.  

CIO in Government6 months ago

We are a mid-size government agency employing MDR.  We rely heavily on business familiarity, visibility and managerial control for incident management, RCA & Defect Elimination that balances security and value.  This prevents us from effectively outsourcing the function.

Content you might like

Ransomware negotiator Retainer? Do you currently hold a retainer with a ransomware negotiator consulting firm? If so any recommendations?

Read More Comments

What course(s) are you most looking forward to at the SANS Pen Test HackFest Summit and Training 2022?

Hacker Tools, Techniques, and Incident Handling26%

Cloud Penetration Testing50%

Enterprise Penetration Testing45%

Advanced Penetration Testing, Exploit Writing, and Ethical Hacking39%

Web App Penetration Testing and Ethical Hacking27%

Automating Information Security with Python20%

Defeating Advanced Adversaries - Purple Team Tactics & Kill Chain Defenses15%

Mobile Device Security and Ethical Hacking13%

Advanced Exploit Development for Penetration Testers14%

Cyber Deception - Attack Detection, Disruption and Active Defense7%

View Results

We are on the cusp of conducting a pilot of AI tooling - we intend to use Gemini & CoPilot, providing training, guidance & policy to our user group.  Before we start we should conduct a risk assessment -  my question is: can you recommend a tool or template?

Read More Comments

How many hours on average does your team spend on compliance and reporting each week?

Less than 5 hours27%

5-10 hours39%

11-15 hours21%

16-20 hours8%

21-25 hours1%

More than 25 hours3%

View Results

How are you addressing technical debt risk resulting from AI coding tools? Have you established specific processes to manage vulnerabilities in AI-generated code, and are you collaborating with software engineering or other teams using these tools?

Read More Comments