SOC Performance Report finds that many are struggling

Devo Technology has published the results of its third annual SOC Performance Report (SPR), a survey on the current state of security operations center (SOC) performance, conducted by Ponemon Institute in September 2021.

While last year’s report found high-performing organizations advancing even in the face of substantial workforce challenges, this year’s report finds ‘significant, and even crippling,’ disconnects in perception between SOC leadership and staff in terms of organizational effectiveness and capability—with more than 60 percent rating communication average-to-below-average, and more than a third ranking it below average.

The global survey captured and contrasted the insights of more than 1,000 cyber security professionals, with 535 operating at a leader level (senior executives, vice president, director or manager) and 485 operating at a staff/practitioner level (supervisor, technician staff or contractor).

While last year’s survey found positive and modest gains in focus, funding and training, the numbers have largely plateaued this year, and the major challenges for organizations across the board remain roadblocks.

More than 70 percent of SOC staff rate their ‘pain’ level at seven to 10 on a scale of 10, and ‘turf and silo’ issues are still plaguing a majority of organizations, with more than 60 percent citing them as a primary barrier to success. This persistent issue shines a new light on oversight of the SOC as a challenge, with more than 40 percent citing lack of leadership or lack of executive-level support as a major barrier to success.

This is notable when you examine the discrepancy in perception of how the SOC is working between leaders and staff, including:

  • Half of leaders assessed their SOC as highly effective versus less than 40 percent of staff.
  • More than half of leaders lauded the investigative capabilities of their SOC, while only one-third of staff gave it high marks.
  • In assessing the communication of SOC strategy ‘to the trenches’, nearly 60 percent ranked communication as average or below average, with more than one-third rating communication as solidly below average.

“The growing perception gap over SOC efficiency between operational leaders and practitioners should be seen as a warning sign of simmering frustrations that can have implications on SOC efficacy and analyst retention,” said Gunter Ollmann, CSO of Devo. “Whether complacency or still navigating new modes of work and staffing in the past year, organizations can’t afford to stall in advancing their defenses against what is a growing onslaught of attacks. It would seem that, while they weathered a storm in the past few years, organizations need a leadership and resource ‘booster shot’ to keep building a better defense for what comes next.”

“Enterprises have spent the past several decades adding cyber security technology capabilities that increase the volume of alerts to the SOC,” said Jim Routh, board member, advisor and former CISO. “Enterprise leaders need to spend the next decade improving their data analytical skills and infrastructure to lower the volume of cyber alerts and make more alerts actionable through data science and automation.”

In addition to the realities that staff burnout hasn’t dropped and information overload has only increased for organizations, half of SOC teams across the board cited a lack of talent as a major impediment and more than 60 percent lack visibility into the IT infrastructure. These persistent pain points for all SOC teams remain areas that require focus, training, and the right technology mix.

Other key findings in the survey related to SOC analyst pain include:

  • 72 percent of respondents rated the pain of their SOC analysts at a seven or above on a 10-point scale.
  • When asked, ‘What makes working in the SOC painful?’ 70 percent said information overload, followed by lack of resources (58 percent), and inability to capture actionable intelligence (56 percent).
  • 63 percent of survey respondents said that on-the-job pain in the SOC has caused them to consider changing careers or leaving their jobs.
