A survey on the current state of security operations center (SOC) performance revealed that even though organizations have increased their cybersecurity spending on the SOC, the overall results are not satisfactory. The survey found that the average annual cybersecurity budget for organizations rose $6 million to $31 million, with the SOC representing one-third of that total.
According to the survey, jointly conducted by Devo Technology and Ponemon Institute, 72% of IT security practitioners in organizations with a SOC classify the unit as essential or very important to their organization’s cybersecurity strategy. However, 1 in 6 (60%) of SOC team members are considering changing their careers due to stress associated with the current field.
The survey also highlighted that high-performing teams have built strong business consensus, with 73% of SOC objectives aligned with business objectives, versus low performers, 63% of whom have no alignment at all. The three major actions for organizations to relieve SOC analyst pain are greater workflow automation (71%), implementing advanced analytics/machine learning (63%), and access to more out-of-the-box content (55%).
Other issues SOC teams are facing include:
- 70% suffer a lack of visibility into the IT infrastructure
- 64% combat turf issues between IT and the SOC
- While 76% say training/retention is highly important, more than 50% have no formal programs in place, and more than 50% cite the lack of skilled personnel as a major factor in SOC inefficiency
- Mean time to response (MTTR) remains unacceptably high, with 39% saying their average time to resolve an incident is months or even years
- 71% need greater automation, especially as they continue to spend substantial manual cycles on tasks such as alert management (47%), evidence gathering (50%), and malware protection and defense (50%)
- Environmental factors are driving substantially higher pain, including information overload (67%, up from 62%), burnout from increased workloads (75%, up from 73%) and complexity and chaos in the SOC (53%, up from 49%)
- Not surprisingly, the perennial skills shortage (seen by more than 50% of respondents) is close to the heart of the issue
- Organizations have too many tools (nearly 40%), and more than half don’t have all the data necessary, nor the ability to capture actionable intelligence
“For respondents, whose organizations have invested in people, process, and technology, the performance differences are stark. Strong business alignment (73%) and extensive training (67%) help high-performing SOCs more than double the effectiveness of their lower-performing brethren. However, the pain and barriers facing SOC teams are universal and worsening, with higher performers citing 10% more pain at an extreme level (9-10 on a 10-point scale), and virtually no difference in the level below that (7-8),” the survey stated.
The survey findings are based on responses from 585 IT and IT security practitioners who work in organizations that have a SOC and are aware of their organizations’ cybersecurity practices.