SOC Performance Report finds that many are struggling

Published: Friday, 17 December 2021 09:06

Devo Technology has published the results of its third annual SOC Performance Report (SPR), a survey on the current state of security operations center / centre (SOC) performance, conducted by Ponemon Institute in September 2021.

While last year’s report found high-performing organizations advancing even in the face of substantial workforce challenges, this year’s report finds ‘significant, and even crippling,’ disconnects in perception between SOC leadership and staff in terms of organizational effectiveness and capability—with more than 60 percent rating communication average-to-below-average, and more than a third ranking it below average.

The global survey captured and contrasted the insights of more than 1,000 cyber security professionals, with 535 operating at a leader level (senior executives, vice president, director or manager) and 485 operating at a staff/practitioner level (supervisor, technician staff or contractor).

While last year’s survey found positive and modest gains in focus, funding and training, the numbers have largely plateaued this year, and the major challenges for organizations across the board remain roadblocks.

More than 70 percent of SOC staff rate their ‘pain’ level at seven to 10 on a scale of 10, and ‘turf and silo’ issues are still plaguing a majority of organizations, with more than 60 percent citing them as a primary barrier to success. This persistent issue shines a new light on oversight of the SOC as a challenge, with more than 40 percent citing lack of leadership or lack of executive-level support as a major barrier to success.

This is notable when you examine the discrepancy in perception of how the SOC is working between leaders and staff, including:

“The growing perception gap over SOC efficiency between operational leaders and practitioners should be seen as a warning sign of simmering frustrations that can have implications on SOC efficacy and analyst retention,” said Gunter Ollmann, CSO of Devo. “Whether complacency or still navigating new modes of work and staffing in the past year, organizations can’t afford to stall in advancing their defenses against what is a growing onslaught of attacks. It would seem that, while they weathered a storm in the past few years, organizations need a leadership and resource ‘booster shot’ to keep building a better defense for what comes next.”

“Enterprises have spent the past several decades adding cyber security technology capabilities that increase the volume of alerts to the SOC,” said Jim Routh, board member, advisor and former CISO. “Enterprise leaders need to spend the next decade improving their data analytical skills and infrastructure to lower the volume of cyber alerts and make more alerts actionable through data science and automation.”

In addition to the realities that staff burnout hasn’t dropped and information overload has only increased for organizations, half of SOC teams across the board cited a lack of talent as a major impediment and more than 60 percent lack visibility into the IT infrastructure. These persistent pain points for all SOC teams remain areas that require focus, training, and the right technology mix.

Other key findings in the survey related to SOC analyst pain include:
