Home / Blog / General / Pros and cons of outsourcing your Cyber Security – In-house, MSSP, or Virtual SOC?

November 22, 2017

Deciding on your strategy to protect your organisation from cyber security threats we face today is an important task.

As we’ve see all too often in the news headlines, traditional perimeter defences are easily compromised with today’s digitally-connected, mobile-enabled business. And with the UK’s adoption of GDPR – and the significant associated fines and data breach notification requirements – there is added urgency to overcome the risk of cyber attacks. So, you need to know the pros and cons of outsourcing your cyber security.

There is a lot of information to digest and many options which need to be considered in relation to your unique business requirements. What works well for one organisation may not be the best for another. First, you need to understand what options are available and secondly, the best fit your requirements.

Weighing options - In-house, MSSP, or virtual SOC?

When deciding on your cyber security management, there are three main options available to you:

  1. Build an internal team of dedicated cyber defence personnel.
  2. Outsource your cyber security – either partially, or fully – to a specialist Managed Security Service Provider (MSSP).
  3. Use a Virtual SOC – a ‘Security-as-a-Service’ web-based platform – driven by your internal team, powered and supported by third-party technologies, typically in the form of a SIEM platform.

Internal cyber security

internal cyber security

Developing an in-house team of cyber security personnel to maintain your critical business and information security is a natural option, since many organisation’s IT teams already play a role, managing firewalls, Anti-Virus and other perimeter technologies to help secure your business.


Simply put, your data underpins and powers your business. Retaining full control of this information means you do not offload risk onto an external supplier. You can see what your staff are doing, oversee activities and prioritise tasks. Having the staff immediately on-hand means you get full utilisation of their resource and can immediately direct this, as desired, toward changing activities – without having to communication through a third-party. And as your team is on the payroll, you can further utilise them for other IT tasks, not specific to cyber security, providing added flexibility and agility.

Familiarity with business-specific activities

A core benefit of an in-house team, is that they intimately know your business-specific operations, processes and culture, with a full understanding of new business initiatives, seasonal cycles, or industry-specific challenges. Working as an integral part of your wider business, they will be familiar with the people, office culture, and the specific challenges faced and know for example, how configuration changes will affect your operations, or the best strategies to implement changes to minimise service downtime.

Quality of experience

As with any internal resource, the effectiveness of the team is very dependent on recruiting and retaining individuals with the right levels of expertise and experience. Large internal teams are able to share knowledge, insight and experience, discuss the latest threats, trends and strategies. This is known as ‘crowdsourcing knowledge’ which isn’t as feasible in smaller teams, as it is harder to keep up with current threats, technologies and strategies, in the way a much larger team of outsourced professionals could. This can leave a knowledge gap, reducing the quality of security outcomes – which is why almost every organisation will choose to partially or fully outsource areas of their business operations, including cyber security.

MSSP (Managed Security Service Provider)

Managed services

Either in partnership with internal teams, or as a fully outsourced activity, working with a specialist MSSP is now a very desirable option, particularly as businesses transform their IT, utilising cloud-based services and workforce mobility technologies.

Yet as IT transformation takes place, so traditional perimeter security strategies become increasingly porous. Core to any MSSP’s services should be a highly integrated strategies and technologies – with 24/7 proactive security monitoring – to keep your organisation protected from the fast-changing threats we see today.

Better security outcomes

A large team of experts will be up-to-date with the latest security knowledge and trends. In dealing with a large number of diverse businesses, MSSPs have far greater breadth of experience in solving the very real threats, as well as keeping up to date with the latest hacker strategies. With team members dedicated to specific activities, or disciplines, they have the time to fully exploit security technologies, evaluate and leverage cutting-edge methodologies and call upon a extensive pool of collective experience.

Set-up time and scalability

Make no mistake about it. Setting up a security operations team takes time, energy, resources, and money. From setting up the physical infrastructure and hardware, researching and procuring security technologies, to recruiting, training and managing qualified security analysts, the timescales required for an operational and effective security monitoring programme is significant – a minimum of 6-12 months.

You should also consider the future requirements of your business, as your IT transforms, as well as how hacker strategies alter to exploit new security vulnerabilities.

With an existing and experienced security operation in place, MSSPs are able to rapidly scale and transform your security monitoring in a matter of weeks. Keeping pace with the ever-changing threats, evaluating and integrating new technologies, as well as training and recruiting personnel is also integral to an MSSPs role – meaning it is not a concern, or overhead on your business.

A final noteworthy comment, is that, as a procured service, you can rapidly scale up, or down your services with an MSSP, especially if, for example, your business has seasonal, or cyclical peaks of activity.

24/7 security monitoring

Hackers don’t work the 9 to 5. In fact, targeted attacks are timed to occur outside of business hours. 24/7 security monitoring is the only way to secure your critical business information and comply with the requirements of GDPR. Few businesses are able to make the significant up-front and on-going investments in setting up a 24/7 security monitoring operation. Not only will an MSSP protect your organisation, day and night, they will always be on-hand to remediate emergencies ‘out of hours’ and ensure business continuity.

Reduced cost

Although it might initially seem counter-intuitive, the cost of outsourcing your security to an MSSP will be significantly less than the costs of setting up, recruiting and managing an internal security team. For an MSSP, there is an economy of scale, with investments already made in the required facilities, technologies and personnel, so the operational cost when outsourcing is significantly lower than doing it yourself.

Additionally, OPEX pricing provides easy budgeting, compared to the variability of the CAPEX costs when setting up your own security operations centre (SOC). An outsourced security team are additionally not limited with resource or budget constraints, which in-house teams are likely to factor into their security plans.

Faster response times

Unless you have a dedicate in-house security team, able to provide 24/7 coverage, an MSSP will always be ready and able to investigate and respond to potential or active cyber threats – particularly outside of regular business hours.

Virtual SOC (Security Operations Centre)

Virtual Security Operations Centre (VSOC)

A Virtual SOC or VSOC is a secure web-based ‘Security-as-a-Service’ platform, providing you with Enterprise-grade SIEM (Security Incident & Event Management) tool to proactively monitor your information security – in real-time.

Low entry cost

As a cloud-hosted service, a Virtual SOC provides the lowest entry cost of the three options, yet provides a powerful toolset for internal teams to utilise.

Driven by your internal team, your ‘Security-as-a-Service’ platform provides visibility of potential and active threats traversing your IT infrastructure, as well as the tools to rapidly neutralise and respond to cyber threats – at a fraction of the cost of procuring and managing the tools ‘on premise’.

Enterprise tools

Proactive security monitoring is the only way to secure your critical business information and comply with the requirements of GDPR.

Benefit from Enterprise security monitoring tools for a modest OPEX investment, with the back-up of an experienced security team (typically an MSSP) to help your organisation get the most from the tools, or support your organisation if you suffer a breach, for example.

Real-time security alerts

When correctly configured, the SIEM tool will send real-time to alerts to potential security threats 24/7, which you can either investigate via your internal team, or escalate to a supporting MSSP.

In particular, the SIEM tool of a Virtual SOC fulfils the security monitoring and reporting requirements of GDPR, to help avoid the potentially significant fines from a resulting data breach.

In-house resource

For a Virtual SOC to be effectively utilised, you still require experienced in-house security personnel to correctly configure the tool, as well as have a wider understanding of cyber defence strategies, such as security assessments, or vulnerability scans.


Like with any ‘Software-as-a-Service’, you can call upon expert support from your Managed Service Security Provider (MSSP) who is providing the VSOC tool, with a variety of SLAs available to suit your particular needs – especially in the event of a breach, to help you quickly neutralise the threat and avoid data loss.


A VSOC places the workload responsibility firmly on your internal team, which might be a challenge if your existing IT teams are already over-stretched. But with the support of the MSSP providing the VSOC service, you can escalate support requirements to call upon additional resource, as required, to ensure you keen on top of you information security monitoring.

Further reading

About Comtact Ltd.

Comtact Ltd. is a government-approved Cyber Security and IT Managed Service Provider, supporting clients 24x7x365 from our ISO27001-accredited UK Network & Security Operations Centre (NOC/SOC).

Located at the heart of a high security, controlled-access Tier 3 data centre, Comtact’s state-of-the-art UK Cyber Defence Centre (SOC) targets, hunts & disrupts hacker behaviour, as part of a multi-layered security defence, to help secure some of the UK’s leading organisations.