  • Cybersecurity professionals Colin Henderson and Ray Espinoza share their take on in-house versus outsourced threat detection and response.
  • Your in-house team has the context necessary to recognize true security threats, but they’ll only perform effectively if you properly educate them about the environment and establish an escalation protocol.
  • Outsourcing can serve as a value-add augmentation or an operationalized partnership. Both require trust and time.

It’s the classic operational decision point: Do we move forward with a complex undertaking internally or seek help from specialists?

Each time you come up against this question, it could feel unique and challenging. Your mix of in-house versus outsourced security services will likely evolve as your organization adapts and grows, so understanding the pros and cons of both options is non-negotiable as a leader.

A hot issue in the cybersecurity field, this inevitable choice requires scrutiny. We picked the brains of two top security professionals to explore the nuances of such a critical decision.

Colin Henderson, VP of Security at OneTrust, calls himself a “passionate cyber executive” and loves to develop leaders. Ray Espinoza, VP of Cloud Security at Medallia, is a business security strategist who values a “security-aware workforce.” I sat down with them both to discuss this common conundrum.

The case for in-house cybersecurity

If you like the feeling of complete control, chances are you’ll lean towards keeping things internal. And there are lots of great reasons to do so if you know how to hire wisely and set up efficient, realistic systems.

Choosing to manage your organization’s security in-house offers:

Familiarity: There’s something to be said for sticking with what you know. The more familiar your team is with your business’s purpose, goals, and needs, the more equipped they’ll be to make informed decisions.

“You’re going to get better context and response by people who live in the environment day in and day out,” Colin points out.

Decision-making power: When you don’t have to consider an outsider’s opinion (or their communication protocol), your day-to-day is, theoretically, simple. There’s no need to consult with anyone beyond the four walls of your office about an escalation. You and the people you’ve chosen to work with can decide what needs a response.

Quick response time: If you dedicate upfront effort to delineating effective workflows, finding quality tools, and offering leading-edge training, your own team will be the fastest choice.

When this is a success and your people are “masters of all,” as Ray puts it, the result is unparalleled efficiency.

Bottom line? If you have the resources to establish systems that prevent your team from working beyond their capacity and assemble a team you can trust, keeping things “in the family” may be your best bet.

Why outsource to a managed detection and response (MDR) service?

There is, of course, another side to the coin. Using your own team comes with expenses: labor costs, equipment, and training, to name a few. It’s also associated with risks, most significantly the chance that you’ll overlook a big threat and have to face the fallout without any help.

Even if you can withstand these elements, there might still be logical reasons to find an experienced partner.

1. When your team needs support for menial tasks

Colin prefers to leverage third-party security management as an augmentation, rather than a comprehensive solution. A best-of-both-worlds scenario is achievable if you know exactly what you need.

Many companies benefit from handing over data-sifting responsibilities to an experienced, tech-forward MDR vendor and keeping a small team in-house to handle environment-specific responses.

Ray describes what this looks like for his team.

“If the signal or the fidelity is so high, I don't necessarily need to do something about it actively if we have the ability to automate some of that remediation workflow,” he says. “I would love to see that in a report and know that it happened, but I don't need to do something about it if we know that it meets that specific threshold.”

Automation of lower-priority tasks is a mega-timesaver and especially valuable in a talent shortage, but it doesn’t have to replace your team entirely.

Because your business needs are dynamic, outsourcing to automate only some tasks works best when you understand the managed provider’s metrics and clearly communicate what you care about over time.

2. When you want specialization and customization

One stand-out benefit of outsourcing is the potential to access a wide range of experts you wouldn’t necessarily be able to hire in-house — and whose salaries you don’t have to pay.

Advanced jobs like threat hunting require technical expertise you may not have the time, resources, or ability to develop. Security analysts have had to grow over time in their knowledge of overall detection and response capabilities. There’s simply more to understand than existed in the past.

“Security analysts have always had to know a little about a lot, as opposed to a deep subject-matter expert who has to know a lot about a certain area,” says Colin.

Luckily, outsourcing can help your team keep up when these sweeping changes take place. Furthermore, IT services aren’t necessarily packaged into neatly organized tiers. Their über-specific nature lends itself to customization, so there is a vendor out there that will dig deep to find out exactly what you need.

3. When you’re looking for a long-term relationship

Connecting with a third party is like nurturing a new friendship. It works best when you’re both fully invested and in it for the long haul. If you can identify needs your in-house team can’t fulfill, it could be time to welcome the fresh perspective and capabilities a business relationship can provide.

Cultivating a relationship takes patience but is worth the energy and investment.

“Ultimately, it comes down to trust and finding the right partner,” Ray explains. “Operationalizing and building this relationship, it’s not fast. And it takes time for a provider to understand what the company cares about, what threats are most relevant — you can’t fast-track any of that.”

Osterman Research explores why organizations early to embrace MDR services report higher security posture across multiple dimensions in The Rush to MDR: Achieving the Promise of Elevated Security Posture.

Intuit your way to an answer

The perfect solution for the in-house versus outsource dilemma? There isn’t one.

Regardless of where you come down on this industry-wide debate, there could be practical motivations for both approaches to detection and response. To reach the most reasonable conclusion about what will work for your business, explore some basic questions.

  • Which tasks, if any, would be most helpful to outsource?
  • What are our non-negotiables when it comes to response time?
  • To what degree does our environment allow for response flexibility?
  • What kind of relationship would we want to have with a vendor?
  • How much customization do we need, and can we take the time required to develop those custom features?

Ray summarizes his balanced experience: “I've seen both sides of the house: being able to build a team and manage and grow that team over time, as well as looking to offload some of those capabilities to a provider. Honestly, I really feel like it depends on where the company is on their existing security journey.”

If outsourcing intrigues you and you want to find out what a true partnership could look like, take a look at the LogicHub MDR service. If you want to keep it in-house, learn more about the LogicHub Security Automation Platform.
