The AZTech IT Blog

IT Industry News, tips and tricks and the latest AZTech IT news

The different types of Cyber Security Operation Centres (SOC)?

Posted by Michael Houghton | 16-Aug-2021 16:49:40

There are multiple types of SOC’s that can be differentiated by their organisational and operational qualities. What type of SOC your business should employ will depend on your security needs, as well as how much in-house resources and budget you have.

Virtual SOC

Virtual SOC has no physical/dedicated location or a dedicated infrastructure and is hosted on a web-based portal. A vSOC team works reactively in their approach to cyber threats, which sets virtual SOC apart from other types of SOC’s.

Benefits of a Virtual SOC:

Virtual SOC’s have all the capabilities and tools that physical SOC’s have, however, at a fraction of the cost. A vSOC is that it will save you the cost of on-premises infrastructure and cost of hardware.

Availability and Reliability
Virtual SOC is hosted in the cloud, which is a highly reliable, scalable, and accessible tool.

The work-life landscape rapidly changed in 2020, and we now see many more businesses working from home, or hybrid working, which has resulted in seeing an increase in BYOD (bring your own device). Employing a vSOC allows flexibility not just around physical premises but also on multiple devices.

Disadvantages of Virtual SOC:

Virtual SOC is a mostly reactive approach. Furthermore, the nature of a virtual SOC means that it is not being monitored 24/7, which makes the tool potentially less reliable compared to other SOC systems.

How to improve your Virtual SOC

Virtual SOC’s can be improved through automation, analytics, and the employment of SIEM technology.
Furthermore, you can outsource your vSOC to IT security experts, or managed service providers (MSP) which can increase the security capabilities as well as allow access to expert resources.

Managed or co-managed SOC

A managed or co-managed SOC is the involvement of outsourced IT experts or an MSP (managed service provider).
Managed SOC is where your outsourced team takes full control over all cybersecurity matters, whereas a co-managed SOC is usually made up of on-site monitoring, whilst other responsibilities are given to your partner MSP, however, roles and responsibilities vary depending on your organisation’s needs.

Benefits of a Managed or Co-Managed SOC:

Cost and budget
Unlike other SOC options, managed or co-managed services are usually billed on a monthly subscription fee, which means there is little to no upfront investment. This means this solution is far more accessible to small or medium businesses. Furthermore, MSPs can sometimes supply hardware and software at a discounted cost as they have partnerships with suppliers.

Partnering with an outsourced company can significantly reduce the setup and the day-to-day running of your SOC. An MSP should be able to get your business set up and running with minimal disruption to your organisation’s usual activities.

Escalation of critical threats
A downside of SOC is that it can flag multiple threats throughout the day, some of which may not be critical or could be a false alarm. However, a managed SOC provider will only send threats and alerts through when they need your organisation’s attention.

Proactive threat detection
Depending on the services that your managed SOC provider offers, it is possible to permit your MSP to protect your network from being compromised if a threat is detected.

Partnering with a managed SOC provider means that your business has more flexibility around the size of your in-house team. Moreover, instead of using your in-house IT experts to fully manage your SOC, they can focus on developing other areas of your IT.

Continuous monitoring
Working with a managed SOC provider will provide your business with 24/7/365 monitoring and support.

Access Industry Experts
Partnering with a managed SOC provider will give you access to a whole team of cybersecurity experts, that have a range of experience and skills surrounding IT security. Additionally, said experts can use their knowledge to identify, analyse and escalate any potential threats.

Disadvantages of Managed or Co-Managed SOC:

Virtual SOC is a mostly reactive approach. Furthermore, the nature of a virtual SOC means that it is not being monitored 24/7, which makes the tool potentially less reliable compared to other SOC systems.

Dedicated SOC

A dedicated SOC is where your business houses a dedicated centralised team and infrastructure that is focussed completely on cybersecurity. The size of a dedicated SOC will vary depending on an organisation’s security needs, size and risks.

Benefits of a Dedicated SOC:

Continuous monitoring
Cybercriminals often attempt hacks after office hours, or on weekends as they are aware that there will be less possibility of being caught. However, having a dedicated SOC ensures you that your IT infrastructure will be monitored 24/7 365 days a year.

Centralised visibility
Networks are becoming more complex as more businesses are working from home, hybrid working or and employing BYOD. To effectively secure this type of IT environment, an integrated visibility solution is required which will enable an organisation full visibility into its network infrastructure and potential attack paths.

Disadvantages of Dedicated SOC:

A Dedicated SOC requires a large upfront investment, which means, especially for SMB’s makes this an impossible option. This solution is best suited towards larger enterprises and government organisations that have large IT infrastructures and face regular cyberattacks.

Command SOC

Command SOCs are large and spread out, usually having locations globally. This type of SOC is usually used by Global 2000 companies, defence organisations and large telecoms providers.

Benefits of a Command SOC:

Access to security experts
Command SOC’s are made up of hundreds of IT and IT security experts that have vast expertise and experience within the cybersecurity fields.

Knowledge and expertise
Due to the size, and type of client a command SOC deals with, Command SOC’s usually have dedicated security research teams that are researching the latest threats and latest security processes.

Threat Detection
Due to the nature of Command SOC’s they house greater capabilities to proactively hunt down threats which decreases the number of effective threats.

Disadvantages of Command SOC:

Virtual SOC is a mostly reactive approach. Furthermore, the nature of a virtual SOC means that it is not being monitored 24/7, which makes the tool potentially less reliable compared to other SOC systems.

Does my businesses need a SOC?

Unfortunately, there is no black and white answer to this question. It all depends on your business.

When deciding whether your business needs a SOC you will need to factor in variables such as company size, IT budget, IT security needs, turnover, and industry.
We recommend that businesses with around 30 employees+ should have a SOC in place.

However, smaller businesses, those with less than 30 employees should consider employing a SOC if they deal with sensitive data such as those in the finance or medical industry or companies who regularly experience attempted and/or successful cyberattacks.

Another factor to consider when deciding whether you should have a SOC or not is to consider the cost of a cyberattack on your business. It has been reported that UK businesses spend an average of £3.4million responding to incidents.

If you have any questions or concerns about your cybersecurity, we offer a free cybersecurity assessment performed by one of our experts here at AZTech, or you can download our cybersecurity assessment checklist. View our full range of cybersecurity services here. 

Related content


Topics: IT Security, cybersecurity, Security Assessment

Written by Michael Houghton

Technical Director

Subscribe to the Blog!

Free IT Healtch Check