SANS - Webcast - Designing and Building a SOC In-house vs Out-Sourcing.pdf

Comparison of in-house versus outsourced SOC models.

This page contains AI-generated content. Errors or omissions may be present. Apply human-level critical thinking.
  • Q: What is the 'Hybrid SOC' model advocated in the webcast?
    A: Retaining core incident response and threat hunting expertise in-house while outsourcing 24/7 monitoring and log collection to an MSSP.
  • Q: What is the primary hidden cost of an 'In-house Only' SOC?
    A: The high cost of recruiting, training, and retaining skilled staff, and the overhead of managing 24/7 shifts.
  • Q: What is the major downside of 'Fully Outsourced' security?
    A: The lack of business context and the potential for a 'black box' service where the organization loses visibility into its own data.
  • Q: What criteria should be used to select an MSSP?
    A: Their ability to integrate with your specific technology stack, their SLAs for detection (not just notification), and data ownership policies.
  • Q: What is the 'Co-Managed' SIEM approach?
    A: A model where the organization owns the SIEM license and data, but the MSSP manages the infrastructure and provides the first layer of monitoring.
  • Q: When is 'Outsourcing' the best option?
    A: When the organization lacks the scale or budget to sustain a minimum effective team (typically fewer than five security staff).
  • Q: What is the 'Data Sovereignty' consideration?
    A: Ensuring that an outsourced provider keeps your data within required legal jurisdictions (e.g., GDPR requirements).
  • Q: How does the webcast suggest measuring MSSP performance?
    A: Through regular 'purple team' exercises in which you simulate attacks and test whether the provider detects and reports them within the agreed SLA.
  • Q: What is the 'Vendor Lock-in' risk with MSSPs?
    A: The difficulty of migrating historical logs and knowledge if you decide to switch providers or bring the function in-house.
  • Q: What is the '24/7' fallacy?
    A: The assumption that round-the-clock coverage matters because bad things happen mainly at night; in practice, the most critical need for expertise is during business hours, when users are active.
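The two points above about judging an MSSP on detection (not just notification) SLAs and about scoring purple-team exercises against those SLAs come together in the following added example. It is not material from the SANS webcast; the exercise records, the 15-minute detection SLA and the 60-minute notification SLA are all constructed for illustration. It tracks detection and notification separately so that a provider which notifies on time but detected late, or detected on time but sat on the alert, is visible as such, and it treats an exercise the provider never detected as a failure of both SLAs rather than dropping it from the average.

```python
"""Score purple-team exercises against an MSSP's detection and notification SLAs.

Added example, not material from the SANS webcast. All exercise records and
SLA values below are constructed for illustration.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional


@dataclass(frozen=True)
class ExerciseRecord:
    """One simulated attack injected during a purple-team exercise."""
    name: str
    injected_at: datetime             # when the red team ran the technique
    detected_at: Optional[datetime]   # when the MSSP's alert fired (None = never)
    notified_at: Optional[datetime]   # when the MSSP informed the customer (None = never)


@dataclass(frozen=True)
class SlaResult:
    name: str
    detection_minutes: Optional[float]
    notification_minutes: Optional[float]
    detection_sla_met: bool
    notification_sla_met: bool


def _minutes(start: datetime, end: Optional[datetime]) -> Optional[float]:
    """Elapsed minutes from injection to an event, or None if it never happened."""
    if end is None:
        return None
    return (end - start).total_seconds() / 60.0


def evaluate(records: list[ExerciseRecord], detection_sla: timedelta,
             notification_sla: timedelta) -> list[SlaResult]:
    """Measure each exercise against the detection SLA (alert fired) and the
    notification SLA (customer informed). A missed detection fails both."""
    det_limit = detection_sla.total_seconds() / 60.0
    notif_limit = notification_sla.total_seconds() / 60.0
    results = []
    for r in records:
        det = _minutes(r.injected_at, r.detected_at)
        notif = _minutes(r.injected_at, r.notified_at)
        det_ok = det is not None and det <= det_limit
        notif_ok = notif is not None and notif <= notif_limit
        results.append(SlaResult(r.name, det, notif, det_ok, notif_ok))
    return results


def summarize(results: list[SlaResult]) -> dict:
    """Aggregate rates plus the two lists a customer will want to raise with the provider."""
    n = len(results)
    return {
        "exercises": n,
        "detection_rate": sum(r.detection_minutes is not None for r in results) / n,
        "detection_sla_rate": sum(r.detection_sla_met for r in results) / n,
        "notification_sla_rate": sum(r.notification_sla_met for r in results) / n,
        "missed": [r.name for r in results if r.detection_minutes is None],
        "detected_but_late_notice": [
            r.name for r in results if r.detection_sla_met and not r.notification_sla_met
        ],
    }


# Constructed sample exercise (assumed SLAs: detect within 15 min, notify within 60 min).
DETECTION_SLA = timedelta(minutes=15)
NOTIFICATION_SLA = timedelta(minutes=60)
_T0 = datetime(2024, 3, 12, 2, 0)
SAMPLE_RECORDS = [
    ExerciseRecord("credential dumping (lsass)", _T0,
                   _T0 + timedelta(minutes=10), _T0 + timedelta(minutes=25)),
    # Notified inside 60 min, but the alert itself only fired after 40 min.
    ExerciseRecord("new local admin on finance server", _T0 + timedelta(hours=1),
                   _T0 + timedelta(hours=1, minutes=40), _T0 + timedelta(hours=1, minutes=50)),
    # Detected in 5 min, but the ticket sat in the MSSP queue for two hours.
    ExerciseRecord("dns exfil burst", _T0 + timedelta(hours=2),
                   _T0 + timedelta(hours=2, minutes=5), _T0 + timedelta(hours=4)),
    # Never detected at all.
    ExerciseRecord("scheduled task persistence", _T0 + timedelta(hours=3), None, None),
]


def sample_run() -> dict:
    return summarize(evaluate(SAMPLE_RECORDS, DETECTION_SLA, NOTIFICATION_SLA))


if __name__ == "__main__":
    for key, value in sample_run().items():
        print(f"{key}: {value}")
```

On the constructed records the provider detected 75% of techniques, but met the detection SLA on only half of them and the notification SLA on a different half; the "new local admin" case is exactly the one a notification-only SLA would hide.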
