Last Updated: 2017-03-31 12:30:06 UTC
by Xavier Mertens (Version: 1)
I'm involved in a project to deploy a SIEM ("Security Information &Event Management") / SOC ("Security Operation Center") for a customer. The current approach is to outsource the services to an external company also called a MSSP ("Managed Security Services Provider"). We had an interesting chat about the pro & con to have an internal or external SOC. The main arguments from the company are:
- We don't have experience on board and we should hire people. And keep them on board!
- We don't know how to deploy the SIEM / SOC
- We have a limited budget (which is the 1st argument for many organizations)
Often, if not always conceded, the deployment of a SIEM is part of a long list of compliance requirements (from the business or the group the company belongs to).
Here is a small recap of the points we discussed:
And you? What is your point of view? Feel free to share.
Xavier Mertens (@xme)
ISC Handler - Freelance Security Consultant