How to choose and work with an outsourced SOC

So, you’ve weighed up the benefits and have chosen to outsource your Security Operations Centre to a third-party. The time has come to specify, find and select the vendor who’ll be responsible for your organisation’s security posture – one of the most important IT decisions you’ll make.

There are several pointed questions to ask when choosing an outsourced SOC, and we’ve broken down the four most important. By asking these questions, you’re also primed for a rewarding working relationship with your chosen SOC vendor.


What are the costs associated with an outsourced SOC?

The cost of outsourcing a SOC or working with a third-party SOC vary depending on several factors. These include:

  • Size and complexity of your organisation
  • Scope of services required
  • Location of the outsourcing provider
  • Level of customisation required
  • Length of the contract

Expect an outsourcing SOC to come with a price tag parallel to the critical value it delivers to your business. However, the cost of outsourcing your Security Operations Centre to a third party will amount to far less than hiring a senior security team of comparable skill, experience and technology access.

Consider that the cost of a third-party SOC may also include one-time fees for setup and configuration. It is important to thoroughly evaluate the cost structure of potential outsourced SOC vendors and compare it with the cost of maintaining an in-house team delivering a centralised security approach.

SOC for advanced threats


How does an outsourced SOC impact internal security teams?

Outsourcing your SOC can mean rather dramatic change for your internal security teams. If the introduction of an outsourced SOC and the transition of roles and responsibilities is managed well, the impact should be unanimously positive.

However, to maximise the value of using a third-party SOC, it’s important to understand how outsourcing your Security Operations Centre affects internal structures, resource demand and even team politics. Consider impacts such as:

  • Reallocation of responsibilities: With the SOC outsourced, internal security teams may focus on other security tasks and initiatives, usually at a more strategic level
  • Skills development: Internal security teams may have the opportunity to develop new skills and take on new responsibilities.
  • Reduced workload: Internal security teams may have a reduced manual or overall workload, allowing them to prioritise more effectively
  • Changes in organisational structure: The outsourcing of a SOC may result in changes to the organisational structure, including the elimination of some positions. Although uncomfortable to face, it’s crucial to mitigate unnecessary function duplication
  • Collaboration: Internal security teams may need to collaborate with the outsourced SOC to ensure effective threat detection and response. For example, by sharing sector or business-specific intel

Overall, the impact of outsourcing a SOC on internal security teams depends on the specific circumstances of each organisation. It is important to carefully consider the potential impact on internal security teams and to plan for any necessary changes.

Is it better to use an internal or outsourced SOC?


How do you evaluate potential outsourced SOC vendors?

A good SOC vendor will help your organisation harness the skills, experience and accountability of a CISO without the cost of hiring a top-tier team.

But this concentrated security capability isn’t just a product you can purchase from any security vendor or Managed Service Provider. A Managed Security Operations Service is a highly specific function and evaluating potential SOC outsourcing vendors, you must consider the following additional factors:

  1. Experience and expertise: Assess the vendor’s experience and expertise in providing third-party SOC services, including the types of threats they have dealt with in the past.
  2. Technology and tools: Evaluate the vendor’s technology and tools, including their ability to integrate with your existing security infrastructure.
  3. Service level agreements (SLAs): Review the vendor’s SLAs to understand their response times and their commitment to resolving security incidents.
  4. Security policies and procedures: Assess the vendor’s security policies and procedures, including their data protection and incident response protocols.
  5. Customer references: Speak with the vendor’s current and past customers to gain insight into their experience and level of satisfaction.
  6. Cost: Compare the vendor’s pricing to other options and consider the total cost of ownership over the life of the contract.
  7. Scalability: Consider the vendor’s ability to scale their services as your organization grows and changes.
  8. Integration with existing systems: Evaluate the vendor’s ability to integrate with your existing security systems, processes, and procedures.
  9. Compliance: Ensure the vendor is compliant with relevant regulations and standards, such as ISO 27001 or SOC 2.
  10. Contracts and legal agreements: Review the vendor’s contracts and legal agreements to understand the terms of the relationship and your rights and responsibilities.

It is important to carefully evaluate potential vendors to ensure that you choose a partner that can meet your security needs and support your organisation’s goals.

Statistics driving the adoption of security operations centres


How do you maintain control over the outsourced SOC?

When using a Managed SOC, your company places its mission-critical IT into the hands of trusted, highly-experienced security experts at the very top of their game.

However, as the client company, it’s in your best interests to maintain a degree of control over security operations to ensure that budget, strategy and data management continue to meet your commercial and compliance needs.

To keep your outsourced SOC accountable and performing, consider the following steps:

  • Clearly define the scope of services: Ensure that the scope of services provided by the outsourcing vendor is clearly defined and agreed upon, and that the vendor is aware of your expectations.
  • Establish regular communication: Set up regular communication with the vendor, including regular status updates and progress reports.
  • Maintain access to data: Ensure that you have access to the data and information generated by the outsourced SOC, and that the vendor is transparent about how this data is used and protected.
  • Establish performance metrics: Define performance metrics for the outsourced SOC and regularly evaluate the vendor’s performance against these metrics.
  • Review and update the agreement: Regularly review and update the agreement with the vendor to ensure that it remains aligned with your needs and expectations.
  • Foster a collaborative relationship: Be actively engaged with the vendor and work together as if they were part of your internal team.


Sentis Managed Solutions is an Outsourced SOC

Trying to find an outsourced Security Operations Centre (SOC)? Your search is over.

Sentis Managed Solutions are a Managed Security Services Provider (MSSP) delivering people-powered, third-party SOC solutions for organisations in manufacturing, finance, professional services, legal, environmental services and many more security-critical sectors.

Our outsourced Managed SOC Service provides 24/7 threat hunting, analysis, and response from a coordinated team of elite cybersecurity specialists, armed with the best SIEM technology. So, you can defend your business from hard-hitting threats without hiring a CISO.

Learn more or ask us a question here.

Find out what your ideal SOC should include

Book your free IT Audit and Risk Report