Most companies choose to outsource at least part of their security operations centre (SOC), with a significant number adopting SOC-as-a-service (SOCaaS), according to global research by Kaspersky.
This strategic move enables organisations to benefit from round-the-clock protection, ensure compliance with regulatory standards and leverage advanced cybersecurity solutions and qualified expertise that are often beyond their internal capabilities.
As cyberthreats become increasingly sophisticated, organisations are rethinking how they build and operate their SOCs.
With this in mind, Kaspersky carried out a comprehensive global survey to identify the main motivations, strategic goals, and potential challenges associated with SOC planning and implementation.
The findings of this research revealed that 64% of companies plan to outsource part of their SOC, combining internal capabilities with external expertise. Meanwhile, over a quarter of respondents (26%) are ready to fully implement an SOC-as-a-service (SOCaaS) model.
By contrast, only 9% plan to build their SOC entirely in-house, highlighting the growing challenges of maintaining round-the-clock monitoring and attracting qualified specialists.
SOC outsourcing enables organisations to delegate selected SOC functions or even the entire operational cycle to a trusted external provider. This approach can include a variety of services:
- Design and architecture of the SOC.
- Deployment and maintenance of SOC technologies.
- Monitoring and analysis by external security analysts.
- Consulting and training services.
- Full SOCaaS delivery, where the provider handles detection, investigation and response around the clock.
Most companies prefer to maintain strategic tasks internally, whilst leveraging external teams and advanced technologies for operational and highly technical workloads. Among organisations planning to outsource SOC functions, the tasks most commonly delegated to third-party providers included solution installation and deployment (55%), solution development and provisioning (53%), and SOC design (47%).
When engaging external SOC specialists, companies also showed a clear preference for augmenting specific roles, with first-line analysts (61%) and second-line analysts (52%) the most in demand. These figures illustrate that companies focus more on frontline and intermediate security tasks, such as monitoring and responding to threats.
The leading motivator for SOC outsourcing is the need for 24/7 protection (55%) – an operational requirement many internal teams cannot sustain alone. Another highly cited benefit is reducing workload on internal IT security specialists (47%), enabling teams to focus on strategic tasks.
Additionally, access to advanced solutions and technologies (42%) and external support to ensure compliance with regulatory requirements and standards (41%) further drive the decision to outsource, highlighting the value of specialised expertise and cutting-edge tools such as XDR, MDR, MXDR and others.
Budget optimisation is important for only 37% of companies – indicating that the primary value of outsourcing lies in improved protection, not just cost savings.
“The trend towards outsourcing SOC functions, whether fully or partially, is primarily driven by the necessity for enhanced operational focus and strategic agility,” comments Sergey Soldatov, head of SOC at Kaspersky.
“By shifting routine and technical tasks externally, organisations are able to concentrate on high-value activities such as strategic decision-making and orchestrating responses to sophisticated threats.
“Moreover, this approach often results in considerable cost efficiencies, allowing for optimised resource allocation. Ultimately, this model transforms the SOC into a critical strategic capability, directly contributing to business continuity.”