The majority of companies in Spain decide to outsource at least part of their Security Operations Center (SOC), and a significant number opt for the SOC-as-a-Service (SOCaaS) model, according to a study by Kaspersky. This strategy allows organizations to have 24/7 protection, comply with regulatory requirements and access advanced cybersecurity solutions and qualified professionals that, in many cases, exceed the available internal capabilities.
As cyber threats become more sophisticated, Spanish organizations are rethinking how they design and operate their SOCs. With this objective, Kaspersky carried out a survey to identify the main motivations, strategic objectives and challenges associated with the planning and implementation of these centers in the Spanish market. The results reveal that 71% of companies in Spain plan to outsource part of their SOC, combining internal capabilities with external experience. Furthermore, almost a quarter of respondents (20%) in Spain are prepared to implement a complete SOC-as-a-Service model. In contrast, only 9% plan to build their SOC entirely in-house, highlighting the difficulties in maintaining continuous monitoring and attracting specialized talent.
SOC outsourcing allows organizations to delegate specific functions or even the entire operational cycle to a trusted external provider. This approach can encompass different services, such as SOC design and architecture, deployment and maintenance of technologies, monitoring and analysis by external analysts, consulting and training services, or the complete provision of a SOCaaS, in which the provider is responsible for detection, investigation and response on a continuous basis.
In general, companies in Spain tend to keep the most strategic functions internally, while they turn to external suppliers and specialized technologies to assume operational and more technically complex tasks. Among organizations that plan to outsource part of their SOC functions, the most frequently delegated activities are solution development and delivery (56%), SOC design (42%), and solution installation and deployment (39%).
By turning to external SOC specialists, Spanish companies also show a clear preference for strengthening certain profiles. First-level (38%) and second-level (42%) analysts are the most in demand among external specialists, reflecting that organizations concentrate outsourcing on front-line and intermediate tasks, such as monitoring and threat response.
Why do organizations choose to outsource SOC?
The main reason is the reduction in the workload of internal IT security specialists (47%), allowing them to focus on tasks of greater strategic value. Another key driver is the need for 24/7 protection (44%), an operational requirement that many internal teams in Spain cannot sustain on their own.
Access to advanced solutions and technologies (43%) and external support to ensure compliance with regulations and regulatory standards (43%) also have a decisive influence on Spanish companies, highlighting the value of specialized experience and advanced tools such as XDR, MDR, MXDR and others.
Budget optimization is only a determining factor for 33% of companies in Spain, which indicates that the main value of outsourcing lies in improving the level of protection, beyond cost savings.
“The tendency to outsource SOC functions, in whole or in part, responds to the need to gain operational efficiency and strategic agility. By delegating the most routine and technical tasks to third parties, organizations can focus on higher value activities, such as strategic decision making or coordination of response to complex threats. In addition, this approach often translates into cost savings and more efficient use of resources, making SOC a key strategic capability that directly contributes to business continuity,” says Sergey Soldatov, head of the Security Operations Center at Kaspersky.
For companies planning to create a SOC, Kaspersky recommends:
• Collaborate with Kaspersky SOC Consulting during the initial implementation phase or when reinforcing existing security operations, with the objective of building a solid SOC and optimizing its processes.
• Improve security performance with Kaspersky SIEM, powered by advanced AI capabilities, which aggregates, analyzes and stores log data from across your IT infrastructure, providing context and actionable threat intelligence.
• Protect the organization against a wide range of threats with solutions from the Kaspersky Next line, which offer real-time protection, threat visibility and EDR and XDR investigation and response capabilities for organizations of any size and sector.
• Provide the cybersecurity team with deep visibility into threats directed at the organization. Kaspersky Threat Intelligence provides contextual information throughout the entire incident management cycle, facilitating early risk identification.
