The truth is that many firms simply don't have the staff and budget needed to support an internal SOC. They also don't have the budget for an MSSP. With that, Mike Rothman of Securosis noted that these firms are "trapped on the hamster wheel of pain, reacting without sufficient visibility, but without time to invest in gaining that much-needed visibility into threats without diving deep into raw log files".
In my experience it is not the budget but the politics.
Until failing to follow them costs the company millions due to $problem. Then, they'll fire half of IT, make the other half do two jobs in addition to demanding the highest standards while giving no budgetary or political support.
lather.. rinse.. repeat..
Professional wrestling: ballet for the common man.
My experience is different. (Score:4, Insightful)
In my experience it is not the budget but the politics.
Is your company's security worth the expense of
Re:My experience is different. (Score:0)
If there isn't legislation requiring it, and there is no real competitive advantage to having it, why would a company invest in it?
Re: (Score:2)
Until failing to follow them costs the company millions due to $problem. Then, they'll fire half of IT, make the other half do two jobs in addition to demanding the highest standards while giving no budgetary or political support.
lather.. rinse.. repeat..