Few organizations can afford the cost of a dedicated and fully staffed SOC with initial startup and annual operating costs in the millions of dollars. Many businesses are outsourcing the SOC and SIEM functions to third party service providers. This requires that the service provider have complete access to network sensors, logs, and security controls. Outsourcing these vital and very sensitive functions is putting the entire network’s safety in the hands of ‘strangers’.
The risk in outsourcing a SOC come from the vendor staff infiltrated or compromised by malicious parties, or the vendor’s supply chain integrity compromised at a downstream point. A staff member that handles shared SOC functions for several high value clients offers a tempting target for blackmailers or extortionists. Similarly, vendor hardware or software can be a source of malware infection or backdoor insertion. Replacing a processor in one of the vendor’s edge routers or VPN concentrators with a rogue copy that also forwards packets to a remote IP address would open all the security clients to possible exploit.
More Info:
https://isc.sans.edu/forums/diary/Pro+Con+of+Outsourcing+your+SOC/22253/