The True Cost of Information Security

In-House vs. Outsourcing SIEM

outsoure_inhouse 

A security information event management platform, or SIEM, is one of the most critical components of a security monitoring and incident response posture. A SIEM generates a single report of all the log data from many different systems, removing the need for manual monitoring. It can also send out the alert when potential security incidents arise.

If you’ve purchased a SIEM, you know that threat detection is equally as important – or even more important – than prevention and protection. 

Your SIEM is only as effective as the information security team that manages it.

In fact, the number one challenge in information security is having the right resources – including expertise, time, and money. It’s costly to hire an information security team and equip them with the necessary tools to be effective. If you want 24x7 coverage, for example, it takes at least eight analysts. 

Screen Shot 2019-11-07 at 7.49.59 AM

Let’s take a closer look at the numbers. According to Glassdoor.com, an average Tier 1 security analyst makes an annual salary of $77,665. Add in taxes and benefits, and each analyst can easily cost an organization $100,000 per year. Now multiply that number by eight – and add in the cost of a SIEM and other detection and response tools – and you’ve now exceeded $1,000,000 per year. That kind of investment is often out of reach for most organizations. 

Don’t drop your recruiting efforts yet! Once your eight analysts have some real-world experience, their inboxes will be filling up with attractive job offers from other companies – meaning that you’ll need to constantly work on hiring, training, and recruitment. Considering the expense of this effort, it’s easy to see why so many organizations outsource information security to a managed detection and response/managed security service provider (MDR/MSSP) like Castra.

Castra has been building Security Operation Centers (SOC) as a service since 2012, and we’ve successfully deployed SIEM/SOAR and a variety of information security products and services in more than 2,000 organizations across the globe. How can Castra make a difference to your organization? Use the cost-benefit analysis below to help your team understand the cost and challenge of building your own 24x7 SOC.

Castra Managed Services

One (1) Full Time Employee

(Average) $36,000/year

(Average) $77,665/year

Pros

Cons

Pros

Cons

Castra Founders have a combined 35+ years of Information Security Experience

Outsourced

In-house

Limited Security Operations experience

U.S. Based, diligent SOC Analysts, Mastered Several SIEM Platforms and Information Security products

 

Exclusive to you

Limited SIEM experience

Leading Partner with multiple vendors 

   

Might need SIEM and Incident Response training (more time and money)

SOC2 Type I, Type II Certified

   

Sick Days

Written custom code, correlation rules, and plugins by the hundreds

   

Benefits add more cost

15,000 Sqft 

24x7x365 

Security Operation Center and team

   

Limited to 40-50 hour work works

Currently managing several large and medium worldwide organizations in all types of industries

   

Vacation (2 weeks)

Cost is predictable and constant 

   

Cost increases over time