Intelligent Tech Channels Issue 05 | Page 12

EDITOR'S COMMENT

Should you invest in or outsource your security operations?

As with any security service, the three core pillars of operations are people, process and technology. To simplify the comparison, we look at each of these in two scenarios: an in-house Security Operations Centre and a Managed Security Services Provider.

It is well known that Security Information and Event Management (SIEM) is a complex technology that requires skilled resources to implement and to manage its infrastructure. In addition, a SIEM loses its value if alerts are not fine-tuned regularly and noise, that is, false positives, is not suppressed. The primary reasons why most SIEM implementations fail are a lack of effective management and of regular monitoring.
For any SIEM solution to detect the latest threats, it requires continuous security use-case development: translating the latest threats into use cases, which can then be used for alerts and responses. A lack of regular use-case development and implementation also reduces the return on investment in SIEM.
In the case of Managed Security Service Providers, the responsibilities for implementation and management are transferred to the service provider, for whom this is a prime responsibility. Hence, assurance about effective management of the SIEM infrastructure is very high with the outsourced model.
A SIEM solution that is not regularly monitored will add little or no business value, hence it is important to have 24x7x365 monitoring and analysis to be able to detect attacks, malicious connections or any anomalies. This round-the-clock cover requires a dedicated security operations team of at least ten members. The team needs to be regularly trained on the latest threats and on the different technologies within the organisation's infrastructure.

Majid Khan is Managed Security Services Architect at Help AG
If a company is able to hire, train and retain such skills, it may be worth considering running the Security Operations Centre in-house. However, considering the dynamics involved, in most cases it may make business sense to transfer this responsibility to a partner who can demonstrate the right level of capabilities and commitment to provide this as a service.
By engaging a Managed Security Services Provider, businesses also gain the advantage of the analysts' skills and knowledge acquired while managing diverse security infrastructure elements and handling the latest attacks impacting other customers.
Some Managed Security Services Providers adopt a dynamic incident lifecycle based on the type of incident, pre-populating the tasks that should be completed to manage each incident effectively. This ensures consistent quality of incident handling.
When considering an in-house implementation, businesses need to factor in the cost of the hardware required to set up the SIEM infrastructure and the associated annual support contracts. These could be somewhere between 15% and 30% of the initial capital. With Managed Security Services Providers, this cost could be converted into operational expenditure without the need for significant initial investment.
From a cost perspective, an in-house implementation may start making sense after a period of four to five years. However, like any other technology, a SIEM may also require an upgrade or revamp, thereby adding to this cost again. SIEM infrastructure requires regular maintenance and development to be able to detect new attacks. Generally, if security is not the prime focus for an organisation, there may be a lack of emphasis, which impacts the effectiveness of the solution.
By engaging a Managed Security Services Provider, organisations benefit from the regular development work that most service providers practise, which equips them to detect new and ever-evolving attacks.