An Overview of the Different SOC Models
In the previous blog post, Welcome to the Security Operations Center (SOC), we touched on the core people, processes and technologies involved in a security operations center (SOC). There are different SOC models, but any effective SOC will have certain elements in common.
With that in mind, there are multiple ways to coordinate these functions at scale. These include:
- Self-managed SOC: Managed entirely in-house; this option is typically reserved for the largest enterprises.
- SOC with a co-managed security information and event management (SIEM) system: Partnering with a service provider that can take on some of the responsibility of managing a SIEM.
- Managed SOC: Partnering with a third-party vendor that provides the end-to-end SOC functions and the accompanying expertise, infrastructure and technology.
What’s the Best Option for SMEs?
The majority of SMEs will find the “build your own” self-managed SOC to be cost-prohibitive. Some may even be overwhelmed by the co-managed SIEM model, which offloads some, but not all, of the burdens associated with in-house information security management.
Thus, the majority of SMEs will find the managed SOC option to be compelling in terms of an improved security posture and a predictable, modest cost.
The recently released “Definitive Guide to SOC-as-a-Service” discusses some of the more specific pros and cons of each of the above SOC models. It also examines more deeply some of the reasons a managed SOC option is the most sensible choice for SMEs.