Date: 1/22/2021 - 9:00am MT
By: Jeff Starke - MegaplanIT Principal Security Engineer
Outsource or Build Internal Security Team.
Many organizations are reevaluating their approach to better help secure their digital assets and data as cyber threats grow in number and sophistication. The current pandemic has only added to the concern as it has forced many organizations to support remote workers – whether they were ready for it or not. Covid-19 has significantly increased the risk of data theft and account takeover with an increased likelihood of system compromise. To better prepare for the current landscape of security threats, a proactive approach would be to secure your infrastructure now, especially before the eventual end of the pandemic when everyone brings those systems back onto internal networks.
To do this, you need to have a dedicated security team qualified in identifying and responding to suspicious activity along with a reliable stack of security tools and exceptional incident response processes to ensure proper, legally defensible incident handling when an incident occurs. Although it is possible to build this capability internally, you must understand the components and potential benefits of outsourcing these capabilities to a Managed Security Service Provider. MegaplanIT’s SOCaaS can bring value to your organization with the following vital components:
The Security Team
Your security team needs to be highly available and experienced in administering your security stack as well as in general daily cybersecurity practices. Ideally, your organization should have a team that’s available 24/7 so that you have full monitoring and response capabilities around the clock, 365 days a year. At a minimum, you will need at least 6 analysts to provide this level of support. Keep in mind your team will need time off for training, family emergencies, and personal time. Each of your analysts will also need training (likely paid training) on each tool in your security stack, as well as general cybersecurity training and certification opportunities. Based on the level of experience you decide to onboard, an individual analyst could expect a starting salary between $40k - $70k, according to Glassdoor. Adding up all of the additional training (estimated at $9k per analyst) and multiplying by the number of analysts, you’re looking at a total of around $240k - $420k just for security staff.
Unfortunately, this seems to be the spending figure that organizations try to avoid. All too often, organizations will hire only one or two security team members and put the entire weight of the company’s security structure on their shoulders. In worse cases, general IT support staff are tasked with managing security team functions. These are instances where cybersecurity is not prioritized, and this is one of the leading reasons why dozens of new companies are being hit with ransomware and data breaches every week.
The Security Stack
Your security stack needs to be effective, actively managed, and tuned to your unique business needs. Not all security tools are created equal, and it is easy to be misled as to what your security tools are capable of and how they integrate with your operations. Any new solutions must be tested and reviewed to ensure they will fulfill your security and compliance objectives. At a basic level for enterprise security, you should have an EDR solution for endpoint protection, a SIEM solution for event aggregation and alerting, and a vulnerability scanner for risk reporting. Many SIEM solutions also provide endpoint agents for deeper endpoint visibility, and support network visibility via firewall log collection or SPAN port analysis. There are a variety of additional tools available to provide superior protection and defense-in-depth.
Please keep in mind that every new solution will require additional training for your security team and will need to be effectively integrated with the rest of your existing security stack.
The Incident Response Processes
Often the last thing organizations think of after buying all of the tools and hiring the staff is the incident response process that brings the people and technology together. You could have spent hundreds of thousands of dollars already, but a poorly designed or poorly executed incident response process will prevent you from ever seeing a return on investment. Disparate tools without central management or reporting will waste your analysts’ time and introduce confusion when legitimate malicious events start pouring in. Your incident response process needs to be forged well in advance by being properly tested. You will also need to ensure your security team keeps up to date on any changes to your IRP. Central management will be an important factor should you introduce any new tools.
Benefits of MegaplanIT's SOCaaS.
There is a lot to consider when deciding whether you should build out your security capabilities internally or deploy a SOCaaS solution. The main benefits include out-of-the-box security expertise, staff augmentation without onboarding or training new employees, service reliability as it is available 24/7/365, and the overall cost savings. You do not have to hire, train, and certify new analysts, let alone an entire team for around-the-clock coverage. When it comes to licensing products, you will no longer have to vet disparate security solutions and deal with individual companies. You will no longer have to worry about operating or maintaining any of the back-end components or servers, and you will also get predictable pricing that will not change over the life of your agreement.
MegaplanIT’s Managed Security Services team already has the people, technology, and process that will help you secure your infrastructure. Whether you are on-premises, in the cloud, or working entirely remotely, MegaplanIT can help you better secure your organization and prevent data theft and system compromise.