A new report, from Exabeam, highlights key challenges faced by those who manage and work in Security Operations Centres (SOCs). The inaugural ‘State of the SOC’ report highlights technology challenges; hiring and staffing issues; processes and pain points; as well as finance and funding difficulties, all of which have the potential to limit the ability of SOCs to tackle ever increasing volumes of security alerts and potential cyber attacks. The report also identifies a number of key differences between US and UK SOCs.
This study sought the opinion of IT professionals working in a SOC from the most senior to those managing and working at the coal-face. In some instances there were stark differences of opinion between executives and their teams. This was especially noticeable around technology, where 79% of managers and frontline employees expressed frustration with out-dated equipment, compared to 22% of CIO and CISOs. However, all job functions highlighted false positives and keeping up with security alerts as a top of mind concern.
Hiring and staffing:
- 45% of SOC professionals believe their SOC is understaffed, and of those, nearly two thirds (63%) think they could use anywhere from an additional 2-10 employees
- 62% of managers and frontline employees see inexperienced staff as a key pain point, compared to just one fifth (21%) of CIO & CISOs
- The most important skills were identified as:
- Data loss prevention, ability to work in teams and malware software
- Gaps in current skills include digital forensics, and communication and soft skills
Technology trends and pain points:
- Nearly half of all respondents (47%) cited keeping up with security alerts as the biggest pain point
- Technology is two times more of a pain point for front-line workers (50%) than the c-suite (22 percent)
- 79% of managers and frontline employees are concerned with out-dated equipment, compared with just 22 percent of CIO & CISOs
- More than half of SOC professionals (54%) believe technology (in the SOC) is underfunded
- Machine learning technologies are perceived as some of the soonest to impact the security space, whereas artificial intelligence will take the longest
Finance and budget:
- Over half of respondents (51%) expressed satisfaction with funding levels related to the SOC, but unsurprising the majority (81 percent) stated they would like more budget
- Half (51%) of companies have a cyber insurance policy in place. SOCs in the UK are more likely to have cyber security insurance than their US counterparts. Protection of data is the biggest driver for cybersecurity insurance (47%). Those that don’t have it feel that it is unnecessary or too expensive (45%)
Nir Polak, CEO at Exabeam, commented: “Enterprises today face an ever-increasing number and variety of threats – and any disconnect between SOC leadership, and those on the ground managing day-to-day operations – no matter how small – should signal an alarm bell. The perceived lack of investment in technology was particularly worrying. Organisations need the advanced security intelligence that technology delivers – without it they leave themselves open to the worst that cyber criminals have in their war chests.”
To download the full report, click here.