I am currently conducting research on emerging trends in Security Operations. Specifically, I am focusing on how organizations are approaching Tier 1 (alert triage) and Tier 2 (root cause analysis) SOC functions. I would greatly appreciate your input on the following: Are you seeing these functions being outsourced in your organization or others you are familiar with? If so, at what company size or operational scale does outsourcing typically begin? Are there any approximate annual cost ranges you have seen for outsourced Tier 1 and/or Tier 2 activities (including tools and personnel)?

Head of Information Security in Banking, 4 months ago

SOC function is mostly outsourced in the Middle East region. Most organizations prefer to outsource it considering the capabilities it provides, the dynamic of response, high level of attrition in L1 and L2 analysts, and cost of running it in-house. The cost of outsourcing depends on a multitude of factors, depending upon the partner you choose, the services, the scope, etc.

CIO in Government, 4 months ago

We are a mid-size government agency employing MDR. We rely heavily on business familiarity, visibility and managerial control for incident management, RCA & Defect Elimination that balances security and value. This prevents us from effectively outsourcing the function.
