Fully managed SOC has been the talk of the industry for a few years now. This model of operations provides you with the ability to outsource or offload the entire SOC process to a third-party vendor, with full access to its trained resources, SIEM and detection technologies, and proven processes. Your SOC gets a boost from 0 to 100 in no time. Organizations will usually send all the telemetry, visibility data, and logs to the vendor-managed SOC data centers, from where the managed security service provider (MSSP) will analyze the data for security incidents/events. The benefit of an MSSP is higher than the other two models, because you as an organization will almost immediately get access to a matured SOC. An outcome-based result can be expected from MSSP, providing highly accurate detection and response, with advanced level-detection and response technologies. MSSPs have a very experienced and skilled pool of staff to monitor, analyze, and investigate. Scalability and crisis management is another benefit of a fully managed SOC, where you don't have to worry about whether you need to monitor more devices or applications for any reason, or if there is a major incident and you might need additional resources to help through that situation. MSSPs normally have affiliations and access to agencies and vendors who provide highly enriched and actionable threat data that is relevant to your business, which is crucial for advanced detection capabilities. One other benefit of having a fully managed SOC is the industry-level visibility and threat data sharing; if another attack is noticed with another customer of a similar type, that attack information and threat intelligence is almost immediately available to you as an advisory and within the detection infrastructure. In general, MSSP vendors will have access to large data centers for storage and retention for you to take advantage of it. The only part that you may still have to own is the governance of your SOC and remediation of threat in case of an attack. The current MSSP model is the most popular SOC model.
To learn how Microsoft operates SOC, check out https://www.microsoft.com/security/blog/2019/02/21/lessons-learned-from-the-microsoft-soc-part-1-organization/. To learn how Google operates SOC, visit https://medium.com/google-cloud/google-cloud-platform-security-operations-center-soc-data-lake-4b31e011f622. To learn how FireEye helps how to build SOC, https://www.fireeye.com/services/mandiant-cyber-defense-center-development.html.