StarHub Business Site
Is Hybrid SOC the best solution?
Cyber security has become a top priority for industries of every size, in every market, as cyber threats grow more frequent and more sophisticated. The traditional IT decision tree asks whether to build and operate your own Security Operations Centre (SOC) or outsource it to a Managed Security Service Provider (MSSP). Increasingly, however, we have been hearing about enterprises moving, or exploring a move, to a hybrid model.
What is a Hybrid SOC?
A hybrid SOC is defined here as an insourced SOC complemented by an MSSP offering. It can be compared to an organization taking out an additional insurance policy in the event that its own in-house insurance provider has limited coverage for certain areas of illness. The additional policy gives more comprehensive coverage of more "illnesses", which in this case come in the form of advanced cyber threats.
Why may insourcing not be enough?
While there are definitely merits in having an insourced SOC (such as better knowledge of internal systems and internal processes), enterprise CISOs should also ask themselves whether all security expertise areas can be fulfilled 100% internally.
Can Enterprise HR retain the best of Cyber Security Talent?
Retaining the best cyber security talent in a traditional corporate culture can be one of the most arduous tasks facing a CISO in a large enterprise. Total insourcing also has a corresponding price tag, and the traditional HR justification of ROI versus headcount poses a significant headache for CISOs looking to build a large and robust 24x7 SOC. Ironically, 100% staff retention may also not be the best corporate policy in the event of a headcount freeze, because staff confronted with new and external threats not previously seen within the enterprise environment may face a longer investigation and resolution cycle, if the threats are detected at all.
The case for Hybrid SOCs
In a recent engagement with the CISO of a large global bank, we noted that the question is not whether a Hybrid SOC is the right approach, but rather how much to insource versus outsource in order to achieve the right balance. Is it really 60/40 or 50/50? It depends on the unique requirements of each organization, but the top five justifications we are hearing for a Hybrid SOC business case are:
- Complement internal staff knowledge with external staff expertise and experience
- Aggregated threat intelligence from visibility of external threats, for faster time to resolution
- Ability to scale in the event of large-scale attacks, without going through the HR pain
- Complementary technology for better and more well-rounded threat intelligence
- Less susceptibility to staff turnover, by having the option to increase outsourcing capacity where required
While Hybrid SOCs are still not the industry norm, they are definitely food for thought for enterprise CISOs as they seek to buy more "insurance" to protect their organizations from increased cyber threats.