SOCManaged SecuritySIEM
How to Build a SOC: In-House vs Managed Security Service
June 9, 2025 · 11 min read · System Networks
A SOC (Security Operations Centre) is a 24/7 team of analysts, SIEM, and a set of proven incident response playbooks. It transforms the stream of infrastructure events into operational actions. But building an in-house SOC costs from ₽30 million per year. Not rational for every organisation.
In-House SOC vs SOC-as-a-Service
| Parameter | In-House SOC | SOC-as-a-Service |
|---|---|---|
| Start-up cost | ₽15–30M | ₽0 (subscription) |
| Annual cost | ₽20–40M/yr | ₽1–5M/yr |
| Time to launch | 6–18 months | 1–3 months |
| Data control | Full | Limited (logs with provider) |
| Expertise | Depends on hiring | Experienced analyst team from day one |
| Scaling | Slow, requires hiring | Fast and flexible |
| CII compliance | Full | Possible (contract-dependent) |
When to Build an In-House SOC
→Category 1 CII object with requirement for own CERT
→More than 10,000 employees and 1,000+ servers
→Log data too sensitive to share with external provider
→Budget and management committed to an 18-month build programme
→Existing IS team with experienced L2/L3 analysts
SOC-as-a-Service and 24/7 monitoring
Managed SOC and 24/7 security monitoring →MaxPatrol SIEM · 24/7 · FSTEC · from ₽89,000/month · 15-min response