How Effective Is Your SOC? Annual State of the SOC Survey Reveals Top Challenges for SOCs [infographic]
Security operations centers (SOCs) have evolved rapidly since the first generation of SOCs were built in the mid-1970s to defend defense organizations and government agencies against low-impact malicious code. Each year brings fresh challenges and new threats, which security analysts must scale to meet. To help with that, Exabeam conducts an annual survey of security professionals in Australia, Canada, Germany, the U.K., and the U.S., published as the “2020 Exabeam State of the SOC Report,” to understand the issues SOCs currently face.
The infographic “How Effective Is Your SOC?” shows the highlights of the report this year: SOC teams are focusing on hiring, threat detection processes, and the always-increasing role cloud technology is playing in cybersecurity.
Hiring and staffing is key
Finding and retaining top talent has long been an issue for SOCs, as well as the IT industry as a whole. Hard skills, such as network administration, network architecture, and content creation, remain a top priority, but 62 percent of SOCs now emphasize soft skills, such as the ability to work in teams, communicate effectively, and manage people.
Of the hard skills SOCs find most important, threat hunting is perhaps the most pressing. SOC personnel report that among the top hard skills, threat hunting is the one they feel least equipped to address. The most important soft skill, according to survey responses, is communication.
Although 38 percent of organizations report their SOC is understaffed, the picture is different among less-effective SOCs: 48 percent of those actually say they feel overstaffed. The challenge they face most is a lack of investment in training and in the resources needed to do an effective job.
Process makes perfect
One concerning result from the survey was the response to questions regarding overall processes. Since last year’s survey, confidence among U.S. and U.K. SOCs declined, with SOCs from these regions reporting a lower ability to perform threat modeling and budget/resource allocation.
But U.S. SOCs still rated themselves higher in terms of effectiveness, topped only by German SOCs. In fact, this year’s study showed that 82 percent of SOCs are confident in their ability to find cyber threats.
But that confidence is contradicted by the fact that only 22 percent of frontline workers track mean time to detection. Additionally, half the SOCs reported logging at most 40% of events in their SIEM, indicating they have no visibility into more than half the activities in their organizations.
In fact, frontline employees had the least confidence of all employees when it comes to their overall abilities in conducting threat modeling. SOC managers showed the most confidence, at 51 percent, while 43 percent of CIOs and CISOs showed confidence, compared to only 17 percent of frontline workers.
Cloud takes center stage
The cloud is front and center now, with most businesses having moved at least some of their operations to the cloud. SOCs have adapted to this shift, changing their own threat detection processes to match these changing demands. This means not only adjusting priorities, but also adjusting their expectations about the tools that will be most essential in the future and the top pain points businesses grapple with today.
According to survey responses, biometrics authentication and SOAR (security orchestration, automation, and response) will be the top tools in the next three to five years. Over the next 12 months, though, advanced network, cloud monitoring, and big data security analytics are said to be the most pressing tools.
That’s perhaps no surprise, considering SOCs feel that access management (69%) and monitoring and analytics (66%) will be top priorities for SOC personnel in the coming years.
When thinking about the tools that will be most essential, it can help to look at the biggest pain points SOCs currently face. In the survey, SOC teams listed keeping up with security alerts (35%) and coordinating information between cybersecurity and IT (34%) as their biggest pain points. They also grapple with the complexity of today’s security tools and wasted time chasing false positives.
By taking the temperature of SOCs in Australia, Canada, Germany, the U.K., and the U.S. each year, we hope to help teams better prepare. To read the results of the annual survey, download our report, “2020 Exabeam State of the SOC Report” and check out the full infographic “How Effective Is Your SOC?” below.