Lesson 5 of 7
In Progress

Making a Case for In-House vs Outsourced SOC

There is no silver bullet to decide whether to invest in an in-house SOC, decide in favor of an outsourced Managed Security Service (MSS), or resort to a hybrid model. 

According to Nemertes Research, organizations that implement a SOC can improve their mean time to resolution (MTTR*) of security threats by 50%.

* MTTR, also sometimes referred to as Mean Time To Contain (MTTC), is a Key Performance Indicator (KPI) that demonstrate the level of “cyber-effectiveness” achieved.

Larger companies see a 300% improvement in their MTTR (dropping from an average of 270 to 90 minutes) when managing SOCs internally versus externally.

Smaller companies saw the inverse with their MTTR dropped from 285 minutes when managed internally to 90 minutes when managed externally.

The Key Takeaway is all companies should have SOCs. Smaller companies (<2500 staff) should outsource; larger companies (>2500 staff) should keep the operations in-house.[1]

Exceptions apply,as always; for example, a small company may decide to have an internal SOC due to their well-guarded intellectual IP or requirements imposed on them by their customers, such as certain government clients. 

[1] Seeking a SOC: What to Look for In Security Operations Centers | Nemertes