
Building a security operations center (SOC) on a budget

By Matthew Warner
December 19, 2022

A security operations center immediately evokes images of a large, windowless room filled floor-to-ceiling with large flatscreen monitors. Security analysts sit dutifully at desks, taking in information from several screens at once, ready to pounce on even the slightest anomaly.

This vision of a security operations center, or SOC, is rooted in reality but only for a select few. The types of setups and capabilities showcased in these portrayals exist for large enterprises, such as Fortune 500 companies, major government agencies, or international finance organizations.

The reasoning is simple: Operating an entire SOC is a tremendous undertaking that requires significant investments in technology and personnel. It is often not practical, or even possible, for small and medium-sized businesses to strive for this type of environment. Instead, they should look to build a SOC that meets their needs at a price point that fits within their overall security expenditures.

They need to build a SOC on a budget.

 

What Exactly is a SOC?

A SOC is an organizational framework for security. It combines many components of a robust security environment, including people, processes, and tools that can detect, analyze, and respond to security threats. SOCs run 24 hours a day, seven days a week, with security analysts interacting with environmental data to watch for emerging threats and respond as required.

Along with the SOC, organizations may also hear the terms SIEM (security information and event management) and EDR (endpoint detection and response). 

SIEM is a centralized logging tool. As its name suggests, it takes data from many places, including applications, systems, servers, antivirus trackers, and EDR, to notify team members of suspicious activity. 

EDR is a type of software that runs on endpoints to detect incoming threats. It provides real-time monitoring with an automated response that helps mitigate known issues.

 

Who Works in a SOC?

Along with the technology components, a SOC leverages several levels of cybersecurity analysts. They are broken up into tiers and manage different tasks based on their experience. 

Tier 1 (Triager): An entry-level position that works on the front lines of the SOC, typically triaging and prioritizing the hundreds of alerts that are generated. This person may also provide end-user support and endpoint installation. Since this role can be tedious, employees often do not stay in it for long due to stress and burnout.

Tier 2 (Security Investigator): A more experienced team member, this person provides deeper analysis and investigation into the sources of an attack. They may also be involved in mitigation strategies.

Tier 3 (Advanced Security Analyst): This person takes a high-level approach to SOC maintenance, identifying known vulnerabilities and reviewing past threat information. They often create detections and reports and look for trends. They also may help with incident response.

SOC Manager: Outside of the tier system, this person manages SOC operations and communications with technology leadership, such as the chief information security officer and chief technology officer.

 

What Are The Challenges Of Building a SOC?

SOCs rely on technology and people to operate. Information security is a universal business need, making the fight for talent tough. Organizations must commit to recruiting, hiring, and retaining professionals in a competitive industry that currently has more jobs than qualified employees.

Hiring outside staffing firms can help cut time from this process, but often the cost is prohibitive for small businesses. Even once they are hired, a Tier 1 analyst with just a few years of experience can command a significantly higher salary on the open market.

Along with hiring, there is also the challenge of technology. While different security solutions provide a range of essential roles, the excess technology in a SOC can become overwhelming. This results in a phenomenon known as “alert fatigue,” where team members become numb to the constant barrage of security threats.

This can lead to decreased performance and employee burnout. Too many false positive alerts can contribute to this as well. False alarms account for about 40% of all alerts and further encourage the bad habit of ignoring these warnings, especially during busy times.

 

The Costs of a SOC

The staffing component of a SOC eats up most of the cost. For a traditional SOC, organizations should expect to hire a minimum of five security analysts. Even if organizations employ junior team members to monitor the SOC, they should expect to budget a minimum of $500,000 for these analysts alone. Some organizations choose to hire experienced engineers and build automated alerting tools, but even that scenario requires paying a team member $150,000 annually or more.

Other costs include technology licenses, certification programs for analysts, and hardware. According to Ponemon, the average organization spends $2.86 million per year to run an in-house SOC.

 

Building on a Budget

A SOC is a strong option for large enterprises, but it is undoubtedly cost-prohibitive for small and medium-sized businesses. Those with smaller budgets should aim for the capabilities a SOC provides without the cost.

The ultimate goal of a SOC is to provide visibility into an environment and detect and respond to threats. Smaller organizations can achieve that with a solid monitoring strategy and a few key tools deployed in the correct areas. The best approach is to start slowly, collecting data logs from the most important sources in an environment.

Begin with systems that already deliver security logs, such as IPS/IDS and endpoint protection. This will allow IT teams to become familiar with the software and configuration options while combining applications into one log management system. From there, keep adding logs from high-fidelity sources such as Windows, DNS, honeypots, applications and databases that can provide more visibility into your infrastructure.

Centralized logging provides visibility into the environment, but analyzing log files from multiple sources can be overly time-consuming. A SIEM can provide analytics, search, and reporting capabilities to provide context around these events and alert to suspicious behavior. Find a SIEM solution that can consume the log data affordably. Some SIEMs charge based on log ingestion, while others do not, so look for a product that fits your budget. 

With a SIEM that can better manage alerts, users can ensure they only get actionable items. Accompany alerts with context or built-in workflows and playbooks that give suggestions for next steps. With the right SIEM, you can respond immediately to critical threats and defer lower-priority ones until time allows.
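The approach described above, sketched as an added example that is not from the original article or from any SIEM product: logs from a few sources are normalized into one schema, only actionable items become alerts, each alert carries a suggested next step, and critical alerts are separated from those that can wait. The record shapes, thresholds, and playbook text are constructed assumptions.

```python
import json
from collections import defaultdict

# Constructed sample records. Field names are simplified assumptions,
# not the output format of any specific product.
RAW_LOGS = [
    ("endpoint", '{"time": 10, "ip": "10.0.0.7", "msg": "signature update ok"}'),
    *[("windows", json.dumps({"time": t, "EventID": 4625, "IpAddress": "198.51.100.4"}))
      for t in (20, 22, 24, 26, 28)],
    ("windows", '{"time": 30, "EventID": 4625, "IpAddress": "10.0.0.12"}'),
    ("ids", '{"time": 40, "src": "198.51.100.4", "sig": "port scan", "prio": 3}'),
    ("ids", '{"time": 41, "src": "198.51.100.4", "sig": "port scan", "prio": 3}'),
    ("honeypot", '{"time": 50, "peer": "10.0.0.12", "service": "smb"}'),
]

# Hypothetical playbook text attached to each alert as context.
PLAYBOOK = {
    "brute_force": "Block the source IP; check targeted accounts for a later successful logon.",
    "honeypot_touch": "Isolate the host; no legitimate system should contact a honeypot.",
    "ids:port scan": "Review at the next scheduled triage; escalate if the source recurs.",
}

def normalize(source, line):
    """Map each source's own field names onto one schema."""
    r = json.loads(line)
    if source == "windows":  # Event ID 4625 = failed logon
        kind = "failed_logon" if r["EventID"] == 4625 else "other"
        return {"time": r["time"], "source": source, "ip": r["IpAddress"], "kind": kind}
    if source == "ids":
        return {"time": r["time"], "source": source, "ip": r["src"],
                "kind": "ids:" + r["sig"], "prio": r["prio"]}
    if source == "honeypot":
        return {"time": r["time"], "source": source, "ip": r["peer"], "kind": "honeypot_touch"}
    return {"time": r["time"], "source": source, "ip": r.get("ip"), "kind": "info"}

def detect(events, threshold=5, window=60):
    """Turn normalized events into deduplicated alerts with a next step."""
    alerts, seen, fails = [], set(), defaultdict(list)
    for e in sorted(events, key=lambda ev: ev["time"]):
        rule = severity = None
        if e["kind"] == "failed_logon":
            # Alert on a burst from one IP, not on every single failure.
            fails[e["ip"]] = [t for t in fails[e["ip"]] if e["time"] - t <= window] + [e["time"]]
            if len(fails[e["ip"]]) >= threshold:
                rule, severity = "brute_force", "critical"
        elif e["kind"] == "honeypot_touch":
            rule, severity = "honeypot_touch", "critical"
        elif e["source"] == "ids":
            rule, severity = e["kind"], ("critical" if e["prio"] == 1 else "low")
        if rule and (rule, e["ip"]) not in seen:  # suppress repeats of the same alert
            seen.add((rule, e["ip"]))
            alerts.append({"rule": rule, "ip": e["ip"], "severity": severity,
                           "next_step": PLAYBOOK.get(rule, "Investigate manually.")})
    return alerts

def triage(raw_logs):
    """Return (respond_now, defer) queues split by severity."""
    alerts = detect([normalize(src, line) for src, line in raw_logs])
    now = [a for a in alerts if a["severity"] == "critical"]
    later = [a for a in alerts if a["severity"] != "critical"]
    return now, later

if __name__ == "__main__":
    respond_now, defer = triage(RAW_LOGS)
    for a in respond_now + defer:
        print(a["severity"], a["rule"], a["ip"], "->", a["next_step"])
```

On the constructed input, ten raw records reduce to three alerts: two for immediate response and one deferred.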

Leveraging a SIEM along with data logs can provide many of the same capabilities as a SOC without the high cost. While a SOC is not possible for everyone, the capabilities and a secure network are something everyone can afford with the right approach.



This article originally ran in Security, a twice-monthly security-focused eNewsletter for security end users, brought to you by Security magazine. Subscribe here.

KEYWORDS: cyber security risk management security framework security operations Security Operations Center (SOC)

Matthew Warner is CTO and Co-Founder of Blumira, a cybersecurity provider of automated threat detection and response technology. At Blumira, he leads the security and engineering efforts to provide actionable insights into cybersecurity risks at scale. Warner has over 10 years of experience in IT and development, focusing on business strategy, development, compliance, threat detection and penetration testing. Previously, he was Director of Security Services, Development & Security at NetWorks Group, responsible for defensive information security and services.
