Do I have the budget to do this? Do I have the staff to run a Security Operations Center?
Running a security operations center requires a lot of things. Many of these things can seem to be an expensive investment to keep in-house.
Does your company want to invest in building a secure room and a secured network to facilitate such a function, which would be required due to the confidential data being handled and discussed?
Customers might not want to administer the systems which are part of a Security Operations Center. Such systems could be a SIEM solution, a network monitoring tool, an Endpoint Detection & Response tool, etc. These systems can be complex to set up and require time and certain skillsets to maintain.
Some companies might not be “big” enough to have such a function, as the investment is simply too high compared to the associated risk.
Budget is an important factor as well – not only do these tools cost money; maintaining them also requires people with experience of maintaining such tools. It can be difficult to see the return on investment for such a big investment across people, processes and technology.
Imagine the cost if you had to build this in your own company:
- Identify an appropriate location/room which can be secured. Provide network cabling, physical access and ensure the best work environment to make sure analysts are most effective;
- Buy the required technologies (e.g. a SIEM tool, a vulnerability scanner, a case-handling tool);
- Develop and implement processes for maintaining the technologies;
- Hire staff with a security background and useful experience across platforms;
- Hire staff with experience in managing and maintaining the technologies (capacity, troubleshooting and patching); and
- Maintain skillsets by continued training of staff.
Many of the above would be recurring costs such as wages, licences and expenses.