Security Operations Center: Insource or Outsource to MSSP?

As technology marches ever forward, the threats to Enterprise Security have seemingly multiplied exponentially.  Our ability as organizations to stay ahead of the risks that technological advancements have brought to the forefront are challenged daily.  Literally.  They are challenged everyday by threats from:

  • Foreign governments trying to access data and networks
  • Cloud security as more and more corporate data is stored outside proprietary networks
  • Shadow IT
  • Ransomware
  • Phishing attacks on unaware employees
  • Internal bad actors (i.e. employees who wish to do harm)
  • Malware installed on endpoints surreptitiously by external bad actors

There are many more of course, the list could be much longer.  In the end however, the real question is, do you have a SOC (security operations center) that will not only manage the existing threats but anticipate and manage the unknown risks that are just beyond the horizon. 

Many of our clients are now or have recently been in the throes of deciding whether they continue managing their security needs in-house or outsource their SOC to an MSSP (Managed Security Services Provider).  There are risks and rewards to doing both, and often it comes down to literally the size and industry of your organization and the related risks associated with it. 

With managing security risk, size matters.

It’s inescapable really, that larger organizations have increased risk.  As you can probably already surmise, smaller organizations have less of everything which typically means there are not as many ‘things’ to look after, and fewer points of vulnerability (i.e. employees, machines, servers, etc.).  Conversely, larger organizations can be spread out around the globe with many thousands of critical risk factors that need to be accounted for and managed.  When considering whether to manage security internally or outsource, the size of the organization is a key consideration.  That’s not to say that small organizations are not vulnerable.  It comes down to the “assets” that might be valuable to perpetrators and this always includes Personal Identifiable Information (PII) on employees or company clients.

We have found that most of our larger clients must utilize an outsourced SOC as a matter of best practice and risk mitigation.  The only real question is, at what level are they engaged?  An MSSP can manage everything from A to Z or just fill in identified gaps.  Understanding where the vulnerabilities are can help with deciding the optimized level of engagement when applied to your organization’s strengths, weaknesses, and budget. 

The critical areas where companies may have issues with their SOC:

1. The “endpoints” are some of the most vulnerable elements in the enterprise, leading to advances in endpoint data protection.

Technically, anything connect to a network is an endpoint, which includes multitude of servers and network devices across the enterprise, but it is the endpoint servicing the end-user that can be the most vulnerable point of attack using human nature to the perpetrators advantage. This is where the trouble starts – out on the edge.  With the explosion of devices accessing the networks of today’s corporate enterprises, it has become a hacker’s paradise.  Protecting vulnerabilities in phones, laptops, tablets, embedded software and monitoring employee usage for risky behavior, all falls to endpoint data protection.

2. Practicing Safe SIEM (security information event management).

Software can collect reams of data across the network every second of the day.  Monitoring of routers, firewalls, and servers gives security professionals a real time look at threats and non-threats alike.  Having the tools in place to gather and report on these is critical.  The real key, however, is to not just monitor and recognize threats – but how and when to act on them.

3. TIM! (threat intelligence and management).

The SOC must be prepared to manage and act on recognized threats to their enterprise.  Part of this preparation includes getting social with some of the resources and best practices available from other companies and groups struggling with the same issues.  Like almost any issue we encounter today, when we ‘google it’ – someone has likely faced the same problem already and found a way to deal with it.  Threat management is much the same in that sharing information with other companies can help avoid the same mistakes and or get past one quickly. 

You had me at https/ssl/tls!

In our experience with helping clients navigate the increasing sea of threats, in most cases an MSSP can be invaluable to covering all possible threats and with the highest possible state of readiness.  Here are just a few of the reasons why:

  • Maturity.  Organizations that currently have their own internally managed SOC feel that they are ‘mature’, but in reality, most are not as ready as they think.  There are numerous headlines and news reports that can attest to Fortune 500 companies that thought they had it all figured out.  An MSSP will most likely have a more mature and tested approach to all the areas we’ll talk about below.
  • Being Proactive. Most companies spend all their time being reactive to the many ongoing security threats hitting them every day, let alone have time to be proactive.  On the other hand, an MSSP thrives on being proactive and utilizing its resources and knowledge base gleaned from other customers and situations to your benefit.
  • Coverage. If you are trying to manage a SOC on your own, covering the high-level risks are hard enough (EDP, SIEM, and TIM), let alone the hundreds of subcategories for each of those.  Just one shortcoming in any of those areas could help your company make the news (in a bad way).  MSSP’s generally cover all these areas and have trained SME’s for all of them, and best practices in place to manage. 
  • Collaboration. MSSPs will have access to documentation and ‘data lakes’ gathered by other security organizations from around the globe.  They are well equipped to not only gather data from these ‘birds of a feather’ but have mitigation plans at the ready even for the newest of threats.
  • Cost/Budget. In almost every case an MSSP will cost you less over the long term and likely lower your threat exposure across the board. 

Of course, there are certain risks with handing over your SOC to an MSSP – the primary being control.  In the end, you will of course be giving a third-party access to and control of, a large part of your most sensitive infrastructure.  While trust certainly will play a part, so will an iron clad agreement that accounts for all the potential risks you will face working with an MSSP.

NET(net) has the expertise to help you navigate the complexities around an MSSP’s capabilities and compare their offerings to optimize for the right fit.  Of course, we also have our own FMI (Federated Market Intelligence) and the world’s best negotiators who can ensure you get the best deal in the marketplace.  Contact us today to see how we can help you assess and manage your approach to working with an outsourced SOC and MSSP.

About NET(net)

Since 2002, NET(net) is the world’s leading IT Investment Optimization firm, helping clients find, get and keep more economic and strategic value. With over 2,500 clients around the world in nearly all industries and geographies, and with the experience of over 25,000 field engagements with over 250 technology suppliers in XaaS, Cloud, Hardware, Software, Services, Healthcare, Outsourcing, Infrastructure, Telecommunications, and other areas of IT spend, resulting in incremental client captured value in excess of $250 billion.

NET(net) has the expertise you need, the experience you want, and the performance you demand. Contact us today at, visit us online at, or call us at +1-866-2-NET-net to see if we can help you capture more value in your IT investments, agreements, and relationships.

NET(net)’s Website/Blogs/Articles and other content is subject to NET(net)’s legal terms offered for general information purposes only, and while NET(net) may offer views and opinions regarding the subject matter, such views and opinions are not intended to malign or disparage any other company or other individual or group.

Read similar posts below