Cysiv vs. Build Your Own SOC

Licensing, deploying, integrating and maintaining the required SOC technologies (SIEM, UEBA, SOAR, Threat Intelligence Platform, Case Management, or XDR) can easily be $1 million/year, even for a relatively small SOC. Tuning and managing the SIEM rules is an essential ongoing requirement and cost that many fail to consider.

Recruiting, training, managing and retaining the required staff to operate the SOC is difficult and expensive. A smaller, more basic SOC will still require about 7 security analysts to provide sufficient coverage for 24/7 operations to accommodate weekends, illness, vacations and some shift overlap. A larger SOC might require 12 analysts. You’ll need a manager, and incident response, data scientists/engineers and a threat hunter.

It can take 12-18 months to develop and launch a SOC, and there’s no guarantee it will be effective. Many SOCs are buried in alerts with analysts spending as much time on false positives, as they do investigating real threats.

Accommodating new data sources (cloud workloads, IoT/IoMT/OT), and scaling a SOC to support business growth, can be problematic, time-consuming, and expensive. And yet if these requirements aren’t addressed, the risk of a breach or service disruption is unnecessarily high, and operating costs can increase substantially.