• Netenrich
  • /
  • ...
  • /
  • Right-sizing SOConomics Part I: Three Steps to Adopting an Intelligent SOC
Subscribe To Our Newsletter!

Stay up to date on the top trending threats as well as the top stories in Security, Networks, Cloud, IT Ops & AIOps.

Right-sizing SOConomics Part I: Three Steps to Adopting an Intelligent SOC

The idea is to right-size the economics of SOC — based on requirements, resources, and the overall value derived from your ongoing spend.

Liza Kurtz
Post by Liza Kurtz Jan 13, 2021

When cybersecurity fails, it’s a pretty big deal. Getting it to work is also a big deal and the “rules” for doing so are less clear than they are, say, on the network side.

Some of the challenges sound the same, like having too many point tools and overlapping functionalities, but some important subtleties exist. For starters, security tools don’t integrate as well as on the network side, which makes it harder to operate, manage, and net full value from tool investments.

Cyber experts come and go more quickly, taking valuable training and tribal knowledge with them. And last but not least, there remains a frustrating yet undeniable element of “just plain luck” in cybersecurity that makes it harder to plan, predict, and prove the value of investments.

For all of these reasons, adopting a security operations center (SOC) marks an important threshold in cybersecurity maturity. A dedicated SOC represents the culmination of technical and processes controls that underpin the whole security program. The SOC team works on the front lines, and behind the scenes, driving greater effectiveness, deeper insight, and faster action to prevent breaches, and improve your whole cybersecurity stance.

Download eBook | Right-sizing SOConomics


But SOC also represents a big commit. Standing up a 24/7 facility can easily cost $2 million and take 1-3 years to roll out. Annual costs can then also exceed $2 million per year, depending on size, sometimes for staff alone. So, once you reach the point in your evolution where you officially need a SOC, a strategy for investing wisely proves essential.

Netenrich’s Intelligent SOC lets companies start from any point in their cybersecurity journey and transform operations to deliver a broad suite of target IT and business outcomes – stronger brand protection, higher return on cybersecurity investment, reduced cost, higher profitability, and market leadership – in the smartest way possible. The basic idea is to right-size your “SOConomics” – the economics of SOC -based on requirements, resources, and results, or the overall value derived from your upfront and ongoing spend.

Perfect timing

Prior to the havoc-wreaking events of 2020, Gartner wrote:

Clients are reporting that after years of quarterly reporting on cybersecurity to their boards, the boards are now pushing back and asking for improved data and understanding of what they have achieved after years of such heavy investment.

Similarly, recent surveys by Ponemon Institute found companies that invested in SOC deem the returns somewhat disappointing.

image soc effectiveness poneman institute

Figure: How effective is your SOC and its ability to gather evidence, investigate, and find the source of threats?

The lack of enthusiasm isn’t surprising given the ongoing effort, cost, and time it takes to build and staff the SOC, configure technology, build runbooks, fine-tune threat intelligence, and define procedures, analytics, and performance metrics. With digital transformation accelerating, analyst salaries rising, and an economic downturn likely in 2021, the pressure to right-size, normalize, and justify your security spend only stands to increase.

Intelligent SOC bridges the gap between resources and requirements by bringing new capabilities and flexibility to SOC and cybersecurity investments and making the most of the tools and talent you already have.

Cybersecurity investment: Right-sizing with Intelligent SOC

Intelligent SOC embodies Netenrich’s Resolution Intelligence approach that resolves today’s incidents today and solves for future issues (so there are fewer alerts and incidents) going forward. The founding principles of Intelligent SOC are:

  • Dynamic consumption model
  • Forward-looking portfolio
  • Ideal mix of human and machine intelligence

Let’s take a closer look.

Outcome-driven consumption

In just two years, the industry has witnessed major milestones in just about every area—complex new standards like GDPR, ransomware attacks like WannaCry, perimeter security and compliance blurred by the cloud, the explosion of AI, and Work from Home/Stay at Home just to name a few. Since the foundation of any successful change within IT is efficient digital operations, investing in security operations centers (SOCs) can no longer mean painting yourself into a corner. This includes buying tools you don’t need, that overlap or don’t deliver, or contracting with service providers who underperform, or charge for things you don’t need.

The key to right-sizing the economics of SOC or SOConomics, is being able to stop buying all of these individually and simply buy outcomes. Timing is good as a shift is underway within the industry toward such an approach. Gartner writes:

CIOs focused on IT cost optimization, finance, risk and value to optimize risk and corporate performance should . . . drive cybersecurity priorities and investments by using an outcome-driven approach that balances investment and risk with the needs to achieve desired business outcomes.

Netenrich Intelligent SOC-as-a-Service starts with target outcomes and delivers on two levels – ops transformation and the ultimate business outcomes it promotes. Intelligent SOC features pay-as-you-grow, outcome-driven consumption that can scale to meet changing needs for capabilities, expertise, and/or bandwidth at any given time.

Flexible, on-demand consumption accommodates fast-changing needs, promotes growth and innovation, and supports adoption of new best practices and emerging techniques.

netenrich intelligent soc approach

Beginning at the end. An Intelligent SOC approach starts with defining the ultimate business and operational outcomes you need. From there, you can adopt exactly the right mix of technologies and expertise to reduce noise, prioritize risk, and act to resolve threats and inefficiencies.

But what does it do?

Beyond investment flexibility, Intelligent SOC insulates your cybersecurity investment against change with an expanded suite of functionality. The idea is to be able to interact with a single portal or platform to consume—and turn off—the capabilities you need as you need them or simply want to try them out.

For example, you might begin with alert and SIEM management for faster detection and noise reduction, then identify a need for better threat intelligence, attack surface management, or more hands-on help with remediation. You might use the Attack Surface Intelligence (ASI) capability within Intelligent SOC to clean up your external digital risk, then progress by adding dark web analytics or breach and attack simulation (BAS) to tackle areas found to be in need of attention.

right sizing soc for you

What you need when you need it. Intelligent SOC goes beyond the traditional elements of SOC to include forward-looking functions like Attack Surface Management (ASM), vulnerability assessments, dark web strategies, and breach and attack simulation (BAS).

Machines when you need machines, experts when you need experts

We talk a lot about AI, and the shortage of cybersecurity skills. We hear less about the ramifications of having invaluable tribal knowledge walk out the door on a regular basis whenever someone leaves.

An intelligent approach to SOC features a dynamic blend of “human and machine” intelligence that:

  • Builds a knowledge base with each transaction such that machines resolve a higher percentage of incidents without intervention over time
  • Captures and operationalizes tribal knowledge – people, process, historic, and product context—for future use
  • Scales resources without having to recruit, train, and wait for new analysts to learn the ropes

These defining advantages of Intelligent SOC factor into your SOConomics during each stage of the cybersecurity investment life cycle, which we’ll be taking a closer look at in Part II.

Read more about Intelligent SOC and stay tuned!

Liza Kurtz

About the Author

Liza Kurtz

Subscribe To Our Newsletter!

The best source of information for Security, Networks, Cloud, and ITOps best practices. Join us.

Thank you for subscribing!

Related Post

Feb 24 2021

What Makes the SOC “intelligent” Part II? Assessment, Pen Te

A proactive and resolution oriented soc...

Read More
Feb 10 2021

What Makes the SOC “Intelligent” Part I: Detection, Response

Your security operations center deserves nothing b...

Read More
Dec 28 2020

2020 Year-End Observations Part 1: Emerging Cybersecurity Tr

Hint: It's not all about COVID-19...

Read More