The SOC works both proactively and reactively, advancing the organization’s security posture while also monitoring for, and acting upon, advanced threats or cyber attacks. Let’s explore the three major SOC models as defined by Gartner®, examine their strengths and drawbacks, and discover how to choose the right model for your organization.
The 3 Major SOC Models
Internal SOCs
An internal SOC contains enough full-time, dedicated analysts to provide 24×7 centralized threat detection and response in a self-contained setting focused on a single organization. While additional services like penetration testing may occasionally be outsourced, the core security functions operate in-house and under organizational control.
This model is best suited for large enterprises with the capability and budget to build an in-house SOC. Providing 24×7 monitoring, detection, and response to cyber threats is, however, a difficult and expensive proposition.
Gartner recommends a minimum of 10-12 analysts for around-the-clock coverage. At an assumed average cost of $90,000 per analyst per year, a fully staffed 24×7 team at the top of that range costs more than $1 million a year in salaries alone (12 × $90,000 is roughly $1.08 million). Factor in the tools and training the team needs to do the job effectively and the total is anywhere from $2 million to $7 million annually.
These figures also leave out the months or years needed to fully build out the SOC, during which the organization remains exposed to threats while its IT team is pulled away from other valuable initiatives.
This is why Gartner® estimates that, “By 2025, 33% of organizations that currently have internal security functions will attempt and fail to build an effective internal SOC due to resource constraints, such as lack of budget, expertise and staffing.”
Tiered SOCs
This model is suitable only for the very largest enterprises and is typically used by organizations with a national or international footprint that must protect multiple satellite environments and physical offices. A tiered SOC is overseen by a single "command" or "parent" SOC, where most of the tooling and analysts sit, which coordinates with a set of otherwise independent satellite SOCs.
Hybrid SOCs
This model relies on partnerships with third-party managed service or solutions providers. It is the ideal model for small and midsize enterprises (SMEs), because it gives them expert-level threat monitoring, detection, and response at a reduced cost, often under a predictable subscription pricing model.
According to Gartner, “Adoption of this model is driven by a shortage and gap in the availability of skills, expertise and staffing, general budget constraints, and the considerable cost of 24/7 security operations.”
A managed security operations model augments an organization's existing network security tools with continuous threat monitoring, detection, and response. It can also include other security operations services that help assess and eliminate vulnerabilities and reduce cyber risk.
Organizations that run a hybrid SOC built on a managed detection and response (MDR) service extend the capabilities of their in-house IT or security team and are relieved of having to choose the methodology and technology for threat detection and response themselves.
The Arctic Wolf SOC Model
Built on an open XDR architecture, the Arctic Wolf® Platform combines with our concierge delivery model to work as an extension of your team, providing all the benefits of a hybrid SOC and much more. We provide broad visibility across endpoint, network, and cloud, and process over 2 trillion events per week, enriching them with threat intelligence and risk context to drive faster threat detection, simplify incident response, and eliminate alert fatigue.
With 24×7 monitoring, detection, and response, ongoing risk management, and security awareness training to proactively protect your environment while continually strengthening your security posture, Arctic Wolf is a full-featured, fully managed security operations solution for organizations of any size.
- Discover how much it costs to build an in-house SOC.
- Calculate your security operations savings with our Total Cost of Ownership calculator.