2018 State of the SOC Report

  • Jun 06, 2018
  • Maritza Marie Dubec

    The results are in from Exabeam’s comprehensive survey of U.S. and U.K. cybersecurity professionals involved in the management of a Security Operations Center (SOC).

    In May 2018, Exabeam surveyed SOC professionals across CISO, CIO, analyst, and management roles to gain key information on the hiring and staffing, retention, processes, technologies, training, and funding of the SOC.

    The results paint a compelling picture of the factors that contribute to a well-run, efficient and effective SOC.

    SOC Tenure, Staffing, and Outsourcing

    Most SOCs are well established, with 91 percent operating for three years or more. Typically, SOC professionals have a longer tenure in IT than in a SOC.

    Figure 1 – Twenty-seven percent of companies have had a SOC 10 plus years

    While the majority of SOC professionals think their SOC is correctly staffed (55%), 45 percent believe that the SOC is understaffed. Of those 45 percent, 63 percent think they could use anywhere from two to 10 additional employees.

    While 40 percent of SOCs are outsourced, 95 percent outsource only parts of their SOC, and 5 percent outsource the whole operation. SOCs mostly outsource detection (47%) and monitoring (45%) and keep response and expertise (68%) in-house.

    What Should Change with the SOC?

    While some wouldn’t change anything about their SOC (38%), the majority of survey participants would like to see changes, mainly around technology (17%), staffing (14%) and improving processes (12%).

    Figure 2 – Fifty-six percent specified changes they’d like to see in their SOC

    Here is what some of the respondents had to say about what should change in their SOC:

    “I would centralize the SOC budget around more, very sophisticated anti-hacking technologies rather than the current traditional method.”
    – CIO, U.K., 6-8 YRS, $5-9.99 BILLION, FINANCE AND INSURANCE

    “I would centralize the SOC budget around more, very sophisticated anti-hacking technologies rather than the current traditional method.”
    – CIO, U.K., 3-5 YRS, $5-9.99 BILLION, FINANCE AND INSURANCE

    “Trash it all and start over instead of milking ancient legacy systems and hardware.”
    – CIO, U.S., 9-10 YRS, $10-49 MILLION, RETAIL

    The Varying Top Pain Points in the SOC by Role

    The top pain points for CIOs and CISOs are false positives and white noise. For managers, it is the high percentage of out-of-date systems and applications. Frontline workers experience the greatest pain points with documentation and reporting and out-of-date systems.

    Figure 3 – The top SOC pain points by role: CIO/CISO, SOC managers, frontline employees

    Figure 4 – A disconnect: SOC roles and their different pain points

    SOC Technology Adoption and Views on Machine Learning and Artificial Intelligence

    The SOCs that rate themselves as highly effective have adopted technology at a higher rate than those that rate themselves as less effective. According to the respondents, machine learning is one of the technologies that will impact cybersecurity soonest, while artificial intelligence will take the longest before it is ready to impact the security industry.

    Figure 5 – Current technologies adopted by the SOC

    To get your own copy of the complete fifty-page report, click here.
