State of the SOC? Depends on Who You Ask
Exabeam released its 2018 State of the SOC Report, which revealed that many organizations don’t have the right people and technology to man their Security Operations Centers (SOCs). The consequence is that they are leaving themselves open to potentially devastating cyber-attacks and alert fatigue, according to the report.
While 91% of SOCs have been operating for three or more years, CIO and CISO managers are more focused on preventative measures and process improvements than frontline workers, the report found.
The survey queried IT pros working in a SOC – from the most senior to those managing and working on the front lines – and the responses reflect the stark differences of opinion between executives and their teams. Of the respondents, 28% of frontline workers focus on automation where 55% of CIO/CISO and management focus on automation.
Less than half (40%) of SOCs are reportedly outsourced, but 95% outsource parts of the SOC. Of those that outsource in part, 45% outsource monitoring while 47% outsource detection. Only 5% of SOCs outsourced entirely.
Without a connected SOC team, many operations teams aren’t able to protect themselves, which was especially noticeable around technology. Job functions had little impact on those who reported false positives and keeping up with security alerts as their top-of-mind concerns.
A large majority (79%) of managers and frontline employees expressed frustration with outdated equipment. While a portion of survey participants (38%) wouldn’t alter anything about the SOC, many would like to see changes. Of the total respondents, 17% would like to see changes around technology, 14% around staffing and 12% around processes.
Nearly half of all respondents (4%) said that the volume of security alerts is the biggest pain point, which correlates with the high number of SOC professionals that believe their SOC is understaffed, with 63% of SOC professionals reporting that they could use anywhere from 2-10 more employees. Additionally, most SOC professionals have a longer tenure in IT than in the SOC.
Source: Information Security Magazine