A recent survey from the security management provider Exabeam revealed that 82% of security operations centers (SOCs) are confident in their ability to detect potential cyberthreats. According to the survey, the “2020 State of the SOC Report,” 40% of organizations still struggle with SOC staffing. Only 22% of frontline staff track mean time to detection (MTTD), which helps to determine attackers’ dwell time. The survey also found that dwell time, the time between when a breach first occurs and when it is first detected, has increased exponentially.
The survey also highlighted a disparity between SOC leaders and frontline analysts over the most common cyberthreats facing organizations. SOC leaders believe phishing and supply chain vulnerabilities are critical issues, while analysts see DDoS attacks and ransomware as major threats.
Other research findings include:
- Small- and medium-sized teams are more concerned with downtime or business outage (50%) than with threat hunting as an operational metric, yet threat hunting stands out as a must-have hard skill (61%)
- SOC outsourcing in the U.S. has declined year over year (36% to 28%)
- The U.K.’s outsourcing had a year over year increase (36% to 47%)
- Australian SOCs struggle in most categories and need improvement in technology updates, monitoring events and responding to incidents
- More than 50% of SOCs were found to log at least 40% of events in a SIEM
- The U.K. utilizes logging the most, compared with other geographic counterparts
- Most SOCs expect to see security orchestration, automation and response (SOAR) tools take precedence over other technologies in upcoming years
- The U.S. and the U.K. SOCs have shown year over year improvements in recruiting costs and identifying candidates with the right expertise. Workplace benefits, high wages and a positive culture were this year’s top drivers for retention in nearly 60% of SOCs
- 23% of SOC personnel across the U.S. and 35% across Canada report being understaffed by more than 10 employees
- 64% of frontline employees in the SOC reported a lack of career path as a reason for leaving jobs
- Less effective SOCs reported feeling they lacked the necessary investment in technology, training and staffing to do their jobs well
The survey findings were based on responses from security decision-makers across the U.S., the U.K., Canada, Germany, and Australia. The survey aimed to determine how analysts and SOC management view key aspects of their operations, hiring and staffing, retention, technologies, training, and funding.
Steve Moore, the chief security strategist at Exabeam, said, “We see great progress in the SOC with attention paid to employee well-being, measures for better communication and more. However, disparate perceptions of the SOCs’ effectiveness could be dangerously interpreted by the C-suite as assurances that the company is well-protected and secure, when it’s not.”