Cyber Resilience Think Tank

Transforming the SOC - Building tomorrow’s security operations, today

Published May 2020

Mimecast

When you think of a security operations center (SOC), what comes to mind? Is it an organized team of security analysts and engineers who detect, analyze, and respond to incidents, always working in lockstep with business managers to execute on the security strategy? Or is it a few analysts who spend their days reactively responding to unprioritized security issues with a variety of point tools at their fingertips?

Consider a third option: is it a managed services operation whose business is to successfully run an outsourced SOC with specific metrics and performance outcomes?

When it comes to the human element of team organization, cybersecurity strategy, and the tools and technology underpinning SOCs, the possibilities are endless. What works for one company may not work for another, which is why there are so many different ways to build and operate a SOC.¹ Some organizations may not even have a SOC, yet they tackle threat detection and response day in and day out.

It’s these variations, and the criticality of a SOC to detecting and responding to potential threats, that brought the Cyber Resilience Think Tank (CR Think Tank) together at RSA® Conference in February 2020, to explore the benefits and drawbacks of keeping a SOC in-house versus outsourcing it, and what a successful model might look like. As an independent group of industry influencers dedicated to understanding the cyber resilience challenges facing organizations across the globe, the CR Think Tank aims to provide guidance based on lessons learned and expertise.