Security operations center in a nutshell
Is your defensive perimeter dynamically reconfiguring itself to defend against new threats that can impact your organisation? You may need/want a team to keep your security perimeter constantly updated against new and evolving threats around the clock.
A Security Operations Center minimally does:
Proactive detection of malicious network and system activity. You do not want to wait the average 206 days it takes most companies to detect a breach. You want to know as quickly as possible to minimise the effect of the breach.
Threat awareness to adjust defenses before the threat hits your organisation.
Vulnerability management to see what may be vulnerable on your network to new threats before you get hit with them.
Awareness of hardware and software assets running on your network for you to become more aware of possible threats to them.
Log management in a way to give you and any authorities the ability to complete forensics if you do incur an incident or breach.
And it is expensive. The cost for hardware for sensors and software you need pales in comparison to the people cost. And the people are hard to find because the required security analysis skill set is in high demand - shortage reaching 1.8 million professionals.
Luckily a lot of people are seriously training for these roles, in nose-down, practical ways, which eventually will bring the price down. See some SOC related writeups in Blue team.
You can also “share resources” by hiring a Managed Security Services company. It may be cheaper. Or not.