The Definitive Guide to

Scaling Your SOC

For growth-minded MSPs

Before we start
By Patrick Linton, COO Bolton Secure

The world of IT services is rapidly evolving, and nowhere is the front line of this evolution more evident than in what you, the trusted MSP, face on a daily basis.

From the “break/fix” model of the early '90s to the recurring revenue managed services model of today, MSPs now face a rapidly growing market fraught with challenges, and opportunities.

In fact, the global managed services market is expected to grow from $180.5 billion (USD) in 2018 to $282.0 billion by 2023, at a CAGR of 9.3% during the forecast period.

The increase in spending on IT coincides with the global rise in work being done online. Estimates cite that 80 billion devices will be connected to the internet by 2025, and, as work shifts online, so does data. At the current global rate, 2.5 quintillion bytes of data are being created every day, and one staggering statistic from IDC predicts that the collective sum of the world’s data will grow to 175 zettabytes by 2025, representing a compounded annual growth rate of 61%.

The bad news is, data breaches are also becoming the norm. Consider JPMorgan Chase’s 2014 data breach that impacted 7 million small businesses (the company subsequently doubled its cybersecurity budget to $500M) or the 2006 TJX data breach that cost $200M.

In fact, as more and more people go online, not only do more and more crimes shift online but so does the financial impact and occurrence of those crimes. The annual cost of cybercrime is expected to increase to $6T by 2021, up from $3T in 2015, and, ransomware attacks that happened every 40 seconds in 2016 are expected to happen every 11 seconds by 2021.

And as expected, regulation is following at a rapid pace. Europe’s General Data Protection Regulation (GDPR), Singapore’s Personal Data Protection Act (PDPA), and the Philippines Data Privacy Act (DPA) are just a few far-reaching examples of data protection laws being established across both the developed and developing world.

This confluence of factors has put MSPs in the hot seat. As a trusted IT provider, YOU are the natural choice for your customers to turn to for all IT needs - security included.

This eBook is the first step in exploring how you can successfully scale your security offerings, and compete in the ever-evolving world of cybersecurity.



Cybersecurity: the imminent threat facing businesses today

Cybersecurity threats are more sophisticated, frequent, and targeted than ever before

In 2017, McAfee reported over 278 new cyber threats every minute. Hacking groups are also evolving their strategies with fileless hacking techniques and are specifically targeting managed service providers (MSPs) to gain simultaneous access to huge pools of data.

targeted threats

At the same time, companies are migrating their data and operations into the cloud. Forbes reported that 77% of enterprises store at least one application or a portion of their computing infrastructure in the cloud, with increasing investment year-on-year and commitments from multiple CEOs to become 100% cloud-based in the near future.

Talent Shortage

Amidst this mounting threat and growing dependence on the cloud, one thing is clear: the cybersecurity talent shortage is only becoming more prevalent.


Data and privacy are highlighted by CEOs as one of their top challenges in 2019, and businesses are struggling to recruit the skilled staff or partners required to defend their data against any imminent security breach. In an already talent-scarce environment, the gap between supply and demand is only expected to increase, with the global cybersecurity talent gap predicted to climb to 3.5 million job openings by 2021.

What does this mean for MSPs?


In this climate, MSPs have a unique opportunity to capture market demand by introducing, or scaling up, their security offerings. However, when scaling their SOC, many MSPs are faced with some tough questions:

  • How can I scale my business in a talent-scarce environment?

  • Where can I find the resources and budget to scale a SOC?

  • How can I communicate our value and maintain a profitable business model in a competitive environment?

  • What’s the most efficient and profitable way to offer 24/7/365 support?

How can MSPs scale their security offering in an efficient and profitable way?


If you’re an MSP looking to scale your security offer, this guide is designed to equip you with the information and tools needed to grow your security operations effectively, whilst maintaining profit margins and ensuring sustainable long-term growth.

In this guide, we’ll give you:

  • The right data and insights on why scaling your SOC is important

  • Information to help you evaluate if your business is ready to scale

  • Analysis into which method of scaling will best work for you

  • A step-by-step guide on how to scale your business efficiently and profitably

  • A look at future trends for SOCs and how you can start preparing now

Ready? Let's dive in. 


What are the key challenges facing MSPs looking to scale?

The risks of data loss or leaked information can wreak havoc on businesses, causing reputation damage, disruption to business operations, fines and litigations and, in a worst-case scenario, a complete shutdown.

With the growing volume and sophistication of threats, SOCs are essential to help businesses prevent, detect, and respond to cybersecurity risks.

Following the database breaches of large corporations such as LinkedIn and Sony, and high-profile government email hacking scandals, many executives and senior managers now recognize the importance of a cybersecurity risk management program and are turning to MSPs for their security needs.

detect threat

What problems do MSPs need to solve in order to scale their SOC?


Shortage of talent and skills

MSPs are struggling to find the right talent to help scale their SOC, and to retain them in the long run. MSPs are also competing in the recruitment process with other MSPs and large organizations who have more budget to invest in hiring dedicated professionals.


Budget and time constraints

The average SOC can take more than a year to build and can cost over $750k to set up and maintain. In this highly competitive environment, MSPs can’t afford to wait to develop a SOC. MSPs are also reporting lower profit margins, leading to less capital available to invest up-front in scaling.


Staff around-the-clock

Cybersecurity is a 24/7/365 business and many MSPs can’t afford the staff they need for nights, weekends, and holidays - particularly as many businesses expect this as part of the security offer service.


Increased security alerts

With over 478 threats every minute, cybersecurity analysts are suffering from notification fatigue and struggling to keep up with the growing volume and complexity of today’s cyber-threats.


The need for multiple security tools and technology

From hardware to software, running a security operations center requires a myriad of infrastructure, systems, and processes.

As a growth-minded MSP, ready to scale your SOC, there are a many considerations to explore. Including whether to:

  • Invest in new technology so your analysts have more advanced tools for cybersecurity detection?
  • Improve processes to automate the detection of low-level cybersecurity threats, leaving teams free to work with more clients?
  • Hire more skilled analysts or train up existing analysts to meet the growing needs and demands of businesses?
  • Outsource your SOC operations to help scale more quickly and efficiently, or maintain an on-site response team?

Build, buy, or both: which is better for MSP security services?

Building your own SOC Outsourcing your SOC A hybrid approach
  • On-site response team

  • A clean slate to customize solutions to your business operations and needs

  • Easier to meet internal compliance standards

  • Able to scale on demand

  • Flexible to business needs

  • Quick to implement

  • Faster response to threats thanks to economies of scale

  • Access to top talent

  • Leverage their software and infrastructure

  • Lowers risk of conflict of interest between departments

  • On-site response team

  • A clean slate to customize solutions to your business operations and needs

  • Able to scale on demand

  • Flexible to business needs

  • Quick to implement

  • Faster response to threats thanks to economies of scale

  • Access to top talent

  • Leverage their software and infrastructure

  • Requires large up-front investment

  • Takes longer to build

  • Difficult to find quality talent to staff SOC

  • Need always-on staffing

  • Requires ongoing management, expertise, and training

  • Teams could become insular and slow to respond to new threats

  • Requires ongoing tech maintenance and updates

  • Need to take time to find the right partner

  • Teams need to be integrated into your company culture

  • Requires medium up-front investment

  • Need to take time to find the right partner

  • Teams need to be integrated into your company culture

  • Requires ongoing management, expertise, and training

  • Requires ongoing tech maintenance and updates

Weighing up the costs: outsourced versus in-house

Studies have shown that the outsourced model works better for many MSPs looking to scale, and can lead to significant cost and risk reduction, as well as faster threat detection.

Considered as one of the security operations center best practices, outsourcing your SOC can significantly reduce costs, especially when considering the investment an MSP needs for salary and recruitment, technology, and process updates.

Weighing up costs


The path to scaling your SOC:

Is your business ready to scale?

Although there is plenty of demand in the marketplace, scaling your business is all about timing.
“Scaling prematurely can disguise fundamental problems and distract from what’s most important at the core of your business.”
Emily Hurd, Former SVP of Operations at Rocketrip

Before scaling, consider:


Do you have confidence in your revenue model?

Your security operations center framework needs to be based on a predictive model, with proven ROI and a replicable process over time and with an increase in volume.


Do you have positive cash flow and are you profitable?

Although MSP revenues have increased by 42%, profits have decreased by 30%. You need to be able to predict and control expenses, know how much time and money you are spending to earn your revenue, and see if this is sustainable in the long run.


Do you have a stable core team?

This isn’t necessarily your management team - it is the team of long-term employees that you can count on who currently work in across your existing SOC and NOC teams. Scaling is rarely a smooth road, and these will be the experts to rely on when the business needs it.


Are you confident in your company vision and the value you bring?

Growing your team means on-boarding new employees or business partners to help you realize your vision. This team needs to believe in your company’s mission and your unique selling proposition, in order to attract customers and deliver outstanding service.

A step-by-step guide to scale your SOC


Consider you three levels of protection

When you scale your SOC, there are three levels that should be integral to your managed services offerings.

These include:

Minimal Protection

Protects businesses against standard attacks, data breaches:

  • Monitoring of standard firewall traffic
  • Monitoring of IDS/IPS events
  • Monitoring of events from endpoints
  • Security Awareness training

Enhanced Protection

In addition to Minimal Protection, this includes:

  • Monitoring of Web Content Filtering events
  • Data Loss Prevention monitoring

Full Protection

In addition to Enhanced Protection this includes:

  • Monitoring of events for any signs of data leakage
  • Leverage data from your vulnerability scans to review impact on critical assets.
  • Monitoring of events from critical systems
  • Monitoring events from cloud infrastructure and other applications
  • Enhanced Correlations

Evaluate your priorities and risks

With growth comes priorities and risks, and scaling means picking and choosing what to focus on as a business to bring value to your customers. By evaluating your priorities and risks, you can justify the budget and resource allocations that will bring the most business value.

      1. Define your priorities. Look at your customers and your offering, and consider what is the most important data to protect? If your customers are mainly B2C businesses, protecting their customers' data is key; if it’s mainly fintech, then protecting proprietary technology and sensitive information should be your main focus when scaling your SOC offering.

      2. Risk management. Scaling your SOC means having more customers and more data to take care of, which exposes your business to more risks. Spend some time evaluating the risks you could be exposed to and develop a plan to handle these: for example, if you lose your computers, can your business still run? What’s the impact of a security breach for your customers on the reputation of your business?


Choose how you will scale

Will you invest the time and resources to build your SOC in-house, or will you choose to work with a business partner? Remote staffing has been proven to be more cost-effective and you can scale quickly with minimal on-boarding time.

However, it takes time to find the right team to support your MSP and you should be asking the following questions of your potential SOC partner:

  1. What are your pricing options and how will these change? Do they work on a subscription or project basis and what’s the minimum commitment? As security offerings become more complex, how will this pricing change in the future?

  2. What is your capability to scale with my business? Does your provider have the right resources, technology, and team to grow with your business? If their team or technology can’t support the speed of your growth, you may need to consider a different partner.

  3. What previous use cases and clients do you have? These can be a good starting point to help you understand if your partner has the right expertise and a proven track record of success in operating SOCs.

  4. How will you integrate with my current business processes and operations? How can your provider ensure as little disruption as possible to your customers when migrating operations over, and how will they take the time now and in the future to understand what your business and customers need?


Improve your business processes and mindsets

As an MSP, your business processes need to be more efficient than those of your customers and you have to constantly demonstrate your value in order to ensure sustainable long-term growth. This can be done by:
  1. Utilizing standardized and repeatable processes. As your business scales, small inefficiencies in your current security operations can snowball into costly and time-consuming issues. Spend time testing and refining your processes across a number of clients to ensure these will support you as you grow.

  2. Changing your team mindset. Although you’re a service provider, your team should adopt a business partner approach to bring more value to the companies you work with. Cybersecurity and data protection involves educating your customers, as well as providing support and monitoring – hosting cybersecurity seminars, and surprising and delighting clients can go a long way.

  3. Saving with automation. With more clients and an insurmountable amount of cyber-threats every second, automation is critical to scaling your security operations. Simple and repeatable tasks, such as data entry, dynamic reporting, and low-level threat detection, can be automated to leave your team with more time to focus on customer service and tackling complex threats.

Scaling your security offering: the essential checklist

Do you have a predictable and scalable business model?
Is your company vision and unique selling proposition clearly defined and communicated with your team?
Do you have members within your team that you can rely on?
Do you have a predictable and scalable business model?
Have you identified which parts of your business you can automate to be more efficient?
Is it clear what levels of protection you will have as part of your security offering?
Have you evaluated your priorities and your risks?
Have you decided whether you will build or outsource your SOC?
If you’re staffing remotely, have you asked your SOC provider the right questions to ensure they’re the business partner to help you scale?
Have you considered how you can update your company processes and improve your team mindset to bring more value to your customers?


Preparing for the future: challenges and trends for SOCs

The only predictable part of the cybersecurity industry is that it will change. Scaling your SOC requires constant evolution, and as an MSP your security operations team needs to be prepared and responsive to new challenges and trends in the market.

Data is declining in value – analytics are key for the future

Data can be used in the cybersecurity field to analyze risk and make decisions accordingly. However, currently, SOCs have to deal with an overwhelming amount of data, leaving many analysts struggling to make sense of the magnitude of information available and how to use this to improve business operations.

What comes next? expand_more
Data declining

MSPs will need to shift their SOC focus from reaction mode to analysis mode, and place priority on data that informs business intelligence. Security and business data need to be merged and access to this information centralized into a data lake to help guide analysts in their decision-making process.

Privacy is gone, and data theft is imminent

Cybersecurity and data protection no longer deals in hypotheticals. Businesses are preparing themselves for an imminent security breach, which means that MSPs and their business partners need to have the right organization and tools in place to react swiftly when a breach happens.

What's in the future? expand_more
Privacy Gone

Security operations will be integral to business operations, and more companies will either have CISO roles or integrate security and data protection into the role of the CTO or CIO. For MSPs, the key stakeholders in the business will likely evolve to include different departments, all of whom will have different expectations, priorities, and KPIs.

Automation and AI will become a necessity

Historically, SOCs would respond to attacks by analyzing the threat and the impact, then react accordingly. However, malware and ransomware can modify themselves every few seconds, leaving humans in a constant state of catch-up.

What comes next? expand_more
Automation and Ai

If attacks are happening at machine speed, SOCs need to respond at machine speed – and this can only be done through automation. Automated decision-making is the only way SOCs can continue to protect companies from the increased frequency and adaptability of cybersecurity threats, with the orchestration and automation of machine learning and artificial intelligence (AI) becoming a necessity for security operations in the future.

The talent gap will continue to widen.

By the end of 2019, the global cybersecurity talent shortfall is predicted to be approximately 1.5 million unfilled positions. The talent a SOC needs to succeed will either not be available, be available but quickly leave in pursuit of a better offer, or cost a hefty amount to retain.

What's in the future? expand_more
Talent Gap

With this context, SOCs will need to shift their mindset from hiring for skills to hiring for opportunity and behavior. Although a certain degree of hands-on skills will help, MSPs should focus on finding creative, resourceful, agile, and ethical employees who can be trained to become analysts, rather than the other way around.


Where to from here?

If you’re an MSP and you’re ready to scale your security operations, the good news is that you don’t need to wait. By scaling your SOC team, you can get more valuable hands on deck to help you grow your security offering while remaining agile.

Bolton Secure offers SOC-as-a-Service for growing MSPs who are ready to take the next step.

Using security operations center best practices and a talented team of fully trained analysts, SOC Managers, MSP SIEM content authors, and engineers, Bolton Secure can help you provide your customers with always-on monitoring against the latest security threats – all with predictable pricing that protects your bottom line.


Ready to talk?

Fill out the form below to speak to one of our team about scaling your security services.