By: Jeremy Cullen, Overwatch Channel Sales Director
Should I buy the security infrastructure and tools to build out my own security operations center (SOC) or find a partner that manages those tools for me?
Cybercrime is on everyone’s radar, as the efforts of the bad actors continue to evolve. From small business owners to executives at the enterprise level, all of us are aware of the catastrophic damage a cyberattack can do to our organization’s reputation and our bottom line. Many never recover! For an IT services provider, consultant, or managed services provider/managed security services provider (MSP/MSSP), the question is ultimately: Should I buy the security infrastructure and tools to build out my own security operations center (SOC) or find a partner that manages those tools for me? This is a great question! Let’s go through the options.
The number one goal of any mature SOC with best-of-breed tools is to detect threats and anomalous activity in near real time, so the threat can be mitigated immediately. In today’s environment, MSPs/MSSPs have over 1,400 individual point solutions to choose from for endpoint solutions, SIEMs, network traffic analysis, and many more. This creates too many panes of glass, or systems, to monitor. The second issue: there are simply not enough cybersecurity analysts to fill the more than 3.5 million unfilled positions in 2021. Last, when your panes of glass show threats and anomalies, you must act! But there aren’t enough analysts to respond. So, what do you do?
There are two options. One, you can spend the capital to build out your own SOC. This process usually takes about two years, and the cost to invest in a SOC can extend into the millions. Even if you have the capital to spend, can you and your clients wait two years and manage the risks? Moreover, to qualify for certain cybersecurity insurance and meet compliance regulations, you must be actively threat hunting.
Many IT providers simply cannot afford to invest either the capital or the time to set up the infrastructure and staff required to implement a modern SOC. Instead, they search for a qualified partner or security vendor for this premium service. When choosing the ideal partner, what should you consider? Of course, the first criterion should be that your partner is a subject matter expert (SME) in cybersecurity with many years of experience. This includes a team with a Chief Information Security Officer (CISO), Chief Technology Officer (CTO), and several other senior-level staff members. Ensure that their platform can monitor across the entire IT landscape with any vendor solutions you may have in your stack. The ability to monitor across many different services is a requirement as well, including Office 365, Azure, AWS, Google Cloud Platform, and/or G Suite. The final requirement when choosing a SOC partner is that this partner MUST be 100% Channel Only. Your partner should never compete with you to win end customer business! Rather, they should assist your team in growing your monthly recurring revenue (MRR) and help address the business problem that we all potentially face: cybercrime!
My journey has blessed me with the experience of being on both sides of this quest: to build a SOC or find a partner. From my years of experience, the answer is simple. Find a qualified, channel-only partner that will cover the hole in your stack. Finding the right cybersecurity partner will open new doors for your firm and you will become the trusted authority to your clients and community.