SOC vs. MDR: What CISOs need to consider

<p>Every modern organization must monitor its networks continuously and respond to suspicious or malicious activity quickly and effectively. Two basic options exist: an in-house security operations center or a managed detection and response service. Some organizations use both.</p>
<p>Let’s examine how SOC and MDR services compare and identify key considerations when choosing the best option for your organization.</p>
<section class="section main-article-chapter" data-menu-title="SOC and MDR overview">
<h2 class="section-title"><i class="icon" data-icon="1"></i>SOC and MDR overview</h2>
<p>Traditionally, SOCs underpin how most companies manage security monitoring, detection and response. SOC analysts work shifts around the clock, seven days a week. These staffers are trained to <a href="https://www.techtarget.com/searchsecurity/tip/Why-security-alert-fatigue-matters-and-how-to-address-it">comb through alert messages</a> and identify red flags across the organization’s systems. When analysts think an incident is likely or has occurred, they notify incident responders to handle it.</p>
<p>SOCs are usually housed in dedicated, secure physical spaces because the information the analysts discuss could be highly sensitive, including details of vulnerabilities, exploits, <a href="https://www.techtarget.com/searchsecurity/feature/10-biggest-data-breaches-in-history-and-how-to-prevent-them">data breaches</a> and insider threats. SOCs provide analysts with various tools and dashboards they can use to keep up with the incredible volume of cybersecurity events.</p>
<p>MDR providers are third parties that act as SOCs for multiple clients. An MDR provider runs one or more SOCs at its own facilities, with dedicated analysts who remotely monitor customers’ cybersecurity events and alerts for possible incidents.</p>
</section>
<section class="section main-article-chapter" data-menu-title="SOC and MDR comparison">
<h2 class="section-title"><i class="icon" data-icon="1"></i>SOC and MDR comparison</h2>
<p>Although SOCs and MDR services monitor the same cybersecurity event data and look for the same kinds of activity, key differences exist, among them:</p>
<ul class="default-list">
<li><b>Staffing and labor.</b> An in-house SOC usually needs to be staffed around the clock, even when the organization’s offices aren’t open, because digital services are online for customers 24/7 and those services can’t go unmonitored. Labor costs for continuous monitoring and analysis can be quite high, especially for organizations with relatively low volumes of cybersecurity events, where SOC staff might be underutilized. Using an MDR provider could be less expensive.</li>
<li><b>Priorities.</b> An in-house SOC is concerned only with its own organization, whereas an MDR provider supports multiple organizations and won’t necessarily prioritize one over another.</li>
<li><b>Threat awareness.</b> An MDR provider is likely to be <a href="https://www.techtarget.com/searchsecurity/feature/Top-10-types-of-information-security-threats-for-IT-teams">aware of new threats</a> before in-house SOCs are. That’s because the MDR provider has access to all its customers’ data at all times, while an in-house SOC can only see its own data.</li>
<li><b>Experience.</b> An MDR provider is likely to have more experienced analysts than an in-house SOC, and more of them.</li>
<li><b>Personalization.</b> Analysts at an in-house SOC probably have a better understanding of the context of their organization’s systems, networks, applications, data and other technology resources than MDR analysts do.</li>
</ul>
<p>Some organizations use both an in-house SOC and an MDR provider, staffing their own SOCs during the week but relying on an MDR on weekends and holidays, for example.</p>
</section>
<section class="section main-article-chapter" data-menu-title="Decision considerations">
<h2 class="section-title"><i class="icon" data-icon="1"></i>Decision considerations</h2>
<p>Sometimes it’s obvious whether an organization should have an in-house SOC or rely on an MDR service provider. But many cases aren’t so clear-cut.</p>
<p>CISOs and security leaders should ask the following key questions when considering whether to use an in-house SOC, an MDR service or a combination of both:</p>
<h3>Costs and staffing</h3>
<p>How much will it cost to build, staff and maintain an in-house SOC, recognizing that labor and training will account for the vast majority of costs in the long run? Estimate the analyst turnover rate and include that in cost estimates. Compare that to the

[…]

This article has been indexed from Search Security Resources and Information from TechTarget
