Managed Services: The Opportunity (And Pitfalls) In Building Out A Security Operations Center

With cybersecurity challenges in the news every day, clients are starting to pay attention and are looking to outsource their security needs. That presents a huge opportunity for MSSPs like Phalanx Secure Solutions that have invested in building security operations centers (SOCs) to meet those needs, CEO Matt Johnson said.

"The need really exists for expert, reliable support. Clients are starting to see the value of having outside security working for them," Johnson said Sunday during a presentation at the 2016 XChange University: IT Security event, part of the XChange 2016 conference running this week in San Antonio, Texas. XChange 2016 is hosted by CRN parent The Channel Company.

However, expanding managed security offerings by building a SOC can be as much of a risk for an MSP as it is an opportunity. Johnson said there are careful considerations an MSP or solution provider must go through when building a SOC, including making sure it is set up effectively and that they are prepared to handle the costs involved.

Baltimore, Md.-based Phalanx Secure Solutions launched earlier this year as a result of the merger of Raven Data Technologies and Secure Systems Solutions with a dedicated focus on security. Since then, the company has been working to build out its SOC, which Johnson defined as an organized, skilled team using technology and processes to constantly and continuously monitor, correlate, create alerts and respond to threats from client data.

Building this type of SOC was critical to the company's establishment as an MSSP, he said, as it opened new streams of revenue, allowed for more services and transformed it into a "complete IT solutions organization." However, with that evolution comes the challenge of new layers of management, huge additional costs and complexity, as well as the need to add new, expensive talent.

"A SOC to us, it's an all-or-nothing deal. There's no such thing as a half-SOC," Johnson said. "While it can be very lucrative, you have to think carefully about what you want to do and how you want to do it."

From his experience building out Phalanx's SOC, Johnson said there are four areas that a solution provider should pay attention to when building out their own center: people, processes, technology and money.

People, in particular, are the critical piece of a SOC, Johnson said. "You're only as good as your people who run your process and technology. If you don't have very good people, the processes and technology don't matter," Johnson said.

He said solution providers should carefully consider how many people they need to run their SOC effectively, including Tier 1, Tier 2, and Tier 3 analysts, as well as managers. Johnson said Phalanx's SOC is staffed 24 hours a day with seven analysts, and it is looking to add two more. From there, continuous training is key, both to keep up with the changing security industry and for employee retention, he said.

Processes are also key to having a consistent and effective workflow in a SOC, Johnson said. Those procedures should include -- at minimum -- monitoring, alerting, escalation, investigation, incident logging, compliance monitoring and reporting, he said.

The technology running behind the scenes in the SOC is also important, Johnson said. The technology needed includes a solution for generating, storing and analyzing log data, as well as a scalable analytics engine, a consolidated warehouse for security data, a centralized management dashboard, pattern-based threat monitoring techniques, a ticketing system, rich correlation of incident information, full network packet capture, data and identity classification and access management, he said.

Finally, Johnson said solution providers should expect a SOC investment to be very expensive, costing up to double what they might anticipate. Those costs stem from expensive security talent, pricey technology, training, infrastructure and more, he said. Partners can expect to spend between half a million and more than a million dollars on building their own SOC, he said.

While the cost and risk involved might be high, Johnson said the opportunity is only growing around security for companies like Phalanx, as customers look to adopt more security solutions in the months and years to come.

"The good thing for us, as practitioners, is there is definitely an increase in security budgets ... and more boards [of directors] are finally getting involved in security and starting to realize they have to do something," Johnson said.