Designing and Building a SOC: In-house vs. Out-Sourcing

What critical functional components of a SOC make the most sense to out-source? Most organizations face budgetary constraints and limited resources when trying to stand up a SOC. Selecting key competencies and skills to develop and maintain in-house takes vision and a thorough understanding of the organization. Deciding what critical functions to out-source could have a major impact on how effective the SOC will be in detecting, monitoring, and responding to incidents over the long haul. Carefully leveraging outsourced partners to cover gaps can realize substantial payback. Your reputation as a tactical and strategic thinker will be well deserved if you employ the available resources wisely. Using those resources poorly will probably drain the organization of valuable intellectual capital and put it at a long-term disadvantage.

In this webcast, SANS Instructor and SOC expert, Chris Crowley, will discuss the pros and cons of the functional components that can be out-sourced to enhance SOC capabilities. Critical components to consider when building a SOC are:

  1. SOC Command Center
  2. Network Security Monitoring
  3. Threat Intelligence
  4. Incident Response
  5. Forensic Analysis
  6. Self-Assessment

Note: We will have 20 minutes of extended Q&A to answer all your questions.

Content is based on the new SANS MGT517 course entitled "Managing Security Operations: Detection, Response, and Intelligence." The course covers the design, build, and operation of security operations centers with a deep dive into managing incident response.