2018 State of the SOC Report - Exabeam

Published
June 06, 2018

Author
Maritza Marie Dubec

The results are in from Exabeam’s comprehensive survey of U.S. and U.K. cybersecurity professionals involved in the management of a Security Operations Center (SOC).

In May 2018 Exabeam surveyed SOC professionals across CISO, CIO, analyst, and management roles to gain key information on the hiring and staffing, retention, processes, technologies, training and funding of the SOC.

The results paint a compelling picture of the factors that contribute to a well-run, efficient and effective SOC.

SOC Tenure, Staffing, and Outsourcing

Most SOCs are well established, with 91 percent operating for three years or more. Typically, SOC professionals have a longer tenure in IT than in a SOC.

Figure 1 – Twenty-seven percent of companies have had a SOC 10 plus years

While the majority of SOC professionals think their SOC is correctly staffed (55%), 45 percent believe that the SOC is understaffed. Of those 45 percent, 63 percent think they could use anywhere from two to 10 additional employees.

Forty percent of SOCs are outsourced. Of those, 95 percent outsource only parts of their SOC, and 5 percent outsource the whole operation. SOCs mostly outsource detection (47%) and monitoring (45%) and keep response and expertise (68%) in-house.

What Should Change with the SOC?

While some wouldn’t change anything about their SOC (38%), the majority of survey participants would like to see changes, mainly around technology (17%), staffing (14%) and improving processes (12%).

Figure 2 – Fifty-six percent specified changes they’d like to see in their SOC

Here is what some of the respondents had to say about what should change in their SOC:

“I would centralize the SOC budget around more, very sophisticated anti-hacking technologies rather than the current traditional method.”
– CIO, U.K., 6-8 YRS, $5-9.99 BILLION, FINANCE AND INSURANCE

“I would centralize the SOC budget around more, very sophisticated anti-hacking technologies rather than the current traditional method.”
– CIO, U.K., 3-5 YRS, $5-9.99 BILLION, FINANCE AND INSURANCE

“Trash it all and start over instead of milking ancient legacy systems and hardware.”
– CIO, U.S., 9-10 YRS, $10-49 MILLION, RETAIL

The Varying Top Pain Points in the SOC by Role

The top pain points for CIOs and CISOs are false positives and white noise. For managers, it is the high percentage of out-of-date systems and applications. Frontline workers experience the greatest pain points with documentation and reporting and out-of-date systems.

Figure 3 – The top SOC pain points by role: CIO/CISO, SOC managers, frontline employees

Figure 4 – A disconnect: SOC roles and their different pain points

SOC Technology Adoption and Views on Machine Learning and Artificial Intelligence

SOCs that rate themselves as highly effective have adopted technology at a higher rate than those that rate themselves as less effective. According to the respondents, machine learning is one of the technologies that will impact cybersecurity soonest, while artificial intelligence will take the longest before it is ready to impact the security industry.

Figure 5 – Current technologies adopted by the SOC

To get your own copy of the complete fifty-page report, click here.
