Cost breakdown to build a Security Operation Center

Guys, could those of you who are managing a SOC/NOC and/or have had experience building a SOC/NOC from cradle to grave please let me know what your initial cost was for setting up the SOC? I would appreciate it if anyone could provide me with a detailed cost breakdown of the SOC, or a sample response to an RFP describing the setting up of a SOC with a breakdown of cost, labor, education, etc.
The company that I’m working for has never taken this kind of initiative but is looking to bid on a contract to build a combined NOC/SOC in the middle east, and fortunately/unfortunately they asked me to look into this and create a report based on my research about this prospect. Any advice is welcome, and thank you all for your advice.
Comments
Building a SIEM and staff... maybe not too bad. Need to build out infrastructure? Could easily be 10-100m+ depending on size.
What are the customer requirements? What is in your Statement of Work?
Forum Admin at www.techexams.net
--
LinkedIn: www.linkedin.com/in/jamesdmurray
Twitter: www.twitter.com/jdmurray
I'd suggest you guys try to hire a few experienced people asap.
I have worked on a similar project, in a similar situation, and we found that we were greatly delayed by a lack of in-house experience. This was compounded by what you are currently illustrating: without experience, you have no clue how to budget the project. The same happened to us: consulting rates as well as hardware/software purchases were much higher than expected, and even the annual TCO was underestimated.
For your specific situation, here are a few pointers.
- You're designing, building and operating a complex system. It consists of server hardware, server software, workstations and workstation software.
- This complex system needs to inter-operate with the client's other IT systems. You will need to determine the exact interactions required and how you should implement these. Think: IAM, RBAC, storage, but also data flows.
- This complex system is not something you "fire and forget". You don't manually build a few boxen, put them on a desk/cabinet and never touch them again. You will need to be able to REbuild them, to back them up, to restore them, to manage them, to patch them. Does the client already have systems that you can build upon?
- The front-office part of the NOC/SOC will require a lot of TLC: tender loving care. You're building a working environment for people who will have a strenuous job! It's not simply a matter of putting Windows PCs with a browser on there! You have to either make use of the client's existing working environment (if you're lucky) or design and implement your own end-user environment.
- I've already mentioned this: data flows. Does the client already have security software, a SIEM, alerting, monitoring, etc., and are you only building the front-office? Or are you expected to implement all of that as well? Those are things that take a lot of effort to build The Right Way(tm), and it takes even more time to ensure you're actually getting data in there from the client's actual production environment.
Just a few thoughts. Good luck!
Cannot stress this enough! Do not hire L1 Analysts to build your SOC. Get experienced Analysts that can properly guide your data ingestion, alerting use-cases, playbooks, and IR procedures. Once you actually have that in place you can start staffing Analysts with less experience to crunch tickets.