For security operations centers (SOCs) that are often in the frontline of business innovation and security, issues like budgeting and staffing are always at the top of the list. But the nature of those challenges can vary from one year to the next. Exabeam helps organizations gauge the temperature of the industry each year through its annual State of the SOC Report, which identifies the various factors that contribute to a successful SOC. This year, as shown in the infographic, staffing and budget remain a top pain point, with budget issues only continuing to feed the challenges that SOC teams face.
Hiring and staffing
It’s no secret that finding top talent for security roles is an ongoing challenge, and that remains the case in 2019. Of those surveyed, 29 percent of highly-effective SOCs report staffing is an issue, compared to 46 percent of less-effective SOCs. One-third of the respondents who reported being understaffed estimate they are short by as many as 6-10 employees indicating it’s more important than ever for SOCs to find a way to improve recruiting efforts and reduce turnover.
Workplace benefits and high wages are top factors in retaining employees, overtaking last year’s top factor, which was a positive, challenging work environment. For recruiters, a focus on soft skills like teamwork, communication, and general social skills has become far more important. In fact, 65 percent of SOCs say they plan to prioritize soft skills in their hiring efforts.
Of SOCs interviewed, 39 percent say that keeping up with security alerts is their top pain point. To remain competitive, SOCs know they need to stay informed on the most important threats facing organizations today. This area remained steady from 2018 to 2019, with 39 percent of SOCs reporting big data analytics as a top priority in both years. Last year, 23 percent of SOCs reported that user and entity behavior analytics (UEBA) was a priority, a rate that dropped slightly in 2019 to 22 percent.
Business intelligence showed a sharp increase this year, highlighting the increasing role it’s playing in everything consumers and businesses do. In 2019, 23 percent of SOCs see artificial intelligence as an important factor in an organization’s technology, up from only 19 percent in 2018. Machine learning also saw an increase in prioritization, moving up three percentage points to 21 percent in 2019.
Security personnel are putting an extraordinary amount of time toward reporting and documentation, with 33 percent of respondents stating it as a top pain point. Both CIOs and CISOs report seeing this problem more with inexperienced staff than those who have logged more time in the cybersecurity field. Other pain points for SOCs include out-of-date systems, false positives and white noise, alert fatigue, and false negatives.
Incident response remains a big challenge for many SOCs, as professionals struggle to respond to alerts in real time. For CISOs, this is a far bigger pain point than for SOC analysts, with 52 percent of CISOs naming it as the top issue. SOC analysts, on the other hand, are focused heavily on incident escalation, naming it as a higher pain point than incident response. The good news is that smaller SOCs have dramatically improved their incident response in 2019, although large SOCs have seen a significant decline in their responsiveness.
Finance and Budget
Unfortunately, finding the finances to fund SOC operations remains a challenge. In fact, despite the demand for it, technology investment continues to be the most underfunded area of SOCs. This sentiment is felt more strongly by Americans than their counterparts in the UK. Respondents say that investments in new/modern technology are the top need in future years, while financing staffing demands is the number two priority. Respondents also say investment in automation will be a pressing need in the coming years.
Exabeam’s 2019 State of the SOC Report is the result of an extensive survey of US- and UK-based security experts on the various challenges they face today. The infographic below shows the highlights of the report. For more details, you can download a copy of the report, which provides an in-depth discussion of the findings from the survey.