Making decisions about how much protection you can afford, and how you will go about acquiring it, requires knowing the costs involved in establishing and maintaining a Security Operations Center. The short answer to the question “How much does a SOC cost?” is that numerous factors affect the price. In this post, we’ll break down those factors and give you an idea of average prices so you can decide how best to secure your company.

Introduction to SOC

A SOC serves as a hub or central command post that collects telemetry from across an organization’s IT infrastructure, including its networks, devices, appliances, and information repositories, wherever those assets are located. The rise of sophisticated threats highlights the importance of gathering context from many sources. In essence, the SOC is the point of correlation for every event logged within the monitored company, and the SOC must decide how each of these events will be handled and responded to.

The IT security functions a SOC performs are:

  1. Detection – identifying indicators of security events, and acting as a gate that reduces false-positive alarms
  2. Investigation – answering the five Ws (who, what, when, where, why) once an alert is confirmed as a true positive
  3. Remediation – carrying out the steps that undo the malicious action and ensure it cannot happen again
  4. Hunting – finding threat indicators that are hidden in massive volumes of data
  5. Orchestration – automation that streamlines workflows

SOC: How much does it cost?

Basic

A basic SOC will cost $1.5M per year, consisting of $300K for technology and $1.2M for manpower for 12 specialists (salary and benefits included), for a service that focuses largely on detection, with little investigation and no proactive threat hunting. Setting up and beginning operations will take three months, while achieving steady-state operations will take six to nine months.

Intermediate

An intermediate SOC has exceptionally effective detection because of its tooling, which consists of a network forensics system, a Security Information and Event Management (SIEM) system, and User and Entity Behavior Analytics (UEBA). It is staffed with analysts at several levels (L1, L2, and L3) who make an effort to be proactive, though with mixed success. The annual cost of this intermediate SOC will be $2.5M, made up of $2.1M in manpower and $400K in technology.

Advanced

Advanced SOC operators regularly conduct “red team” exercises to find weaknesses or shortcomings in their security posture. This level of SOC will cost $5M annually, with $1.1M going toward technology and $3.9M toward manpower. The additional workforce includes an L2 escalation team, a threat hunting team, several FTEs for product and IT support, and more intelligence feeds to support threat hunting. Assume it will take 12 months to set up and begin operations, and 18 to 24 months for the SOC to mature.

Knowing the true expense of building and running a SOC has more to do with the capabilities you’d like to field than with the staff you’ll need to pay to operate round the clock. This article should have given you a better idea of what kind of SOC to build and how much it might cost. And if you’re sitting there thinking this isn’t the kind of money you want to be spending, stop right there. Many people come to the same conclusion: “Security’s not a vital aspect of my firm, and there’s no way we’re going to become experts at it.” In that case, outsourcing your security operations center and using the SOC-as-a-service approach can be worthwhile.