I am currently conducting research on emerging trends in Security Operations. Specifically, I am focusing on how organizations are approaching Tier 1 (alert triage) and Tier 2 (root cause analysis) SOC functions. I would greatly appreciate your input on the following: Are you seeing these functions being outsourced in your organization or others you are familiar with? If so, at what company size or operational scale does outsourcing typically begin? Are there any approximate annual cost ranges you have seen for outsourced Tier 1 and/or Tier 2 activities (including tools and personnel)?

Head of Information Security in Banking, 3 months ago

The SOC function is mostly outsourced in the Middle East region. Most organizations prefer to outsource it considering the capabilities it provides, the dynamic of response, the high level of attrition in L1 and L2 analysts, and the cost of running it in-house. The cost of outsourcing depends on a multitude of factors, depending upon the partner you choose, the services, the scope, etc.

CIO in Government, 3 months ago

We are a mid-size government agency employing MDR. We rely heavily on business familiarity, visibility and managerial control for incident management, RCA & Defect Elimination that balances security and value. This prevents us from effectively outsourcing the function.
