Turf Battles and Silo Issues in 64% of Organizations Damage SOC ROI, Even for High-Performing Teams
CAMBRIDGE, Mass., June 23, 2020 (GLOBE NEWSWIRE) -- Devo Technology, the data analytics and security company, today announced the results of a survey on the current state of security operations center (SOC) performance, finding that while some organizations have increased funding, the overall gains have been meager, and the most significant issues have not only persisted, but worsened. This second annual Devo SOC Performance ReportTM, based on a survey conducted by Ponemon Institute, examines many of the same issues as last year, and found 60% of SOC team members are still considering changing careers or leaving their jobs due to stress. The survey, conducted in March and April 2020, queried IT and IT security practitioners in organizations that have a SOC.
On the positive side, the importance of investing in a SOC remains high, with 72% of respondents categorizing the SOC as “essential” or “very important” to their organization’s overall cybersecurity strategy, up 5% year-over-year. Additionally, the average annual cybersecurity budget for organizations rose $6 million to $31 million, with the SOC representing more than one-third of that total. For respondents whose organizations have invested in people, process, and technology, the performance differences are stark. Strong business alignment (73%) and extensive training (67%) help high-performing SOCs more than double the effectiveness of their lower-performing brethren. However, the pain and barriers facing SOC teams are universal and worsening, with higher performers citing 10% more pain at an extreme level (9-10 on a 10-point scale), and virtually no difference in the level below that (7-8).
The major areas of pain and resistance include:
“At first blush, the data from the survey made it appear that SOCs are advancing, but it turns out the budget growth and successes hide substantial pain—and to achieve even these modest successes consumes considerable resources,” said Julian Waits, general manager, cybersecurity at Devo. “While the focus and efforts of high-performing SOCs are driving them to be successful in spite of increasing barriers, that success comes at an unacceptable human cost. Seventy-eight percent of respondents say working in the SOC is very painful. Even more troubling, 69% say that experienced analysts would quit the SOC because of stress. It’s clear that significant reforms must be made to achieve greater SOC efficiency and engagement—with less analyst stress—especially in the face of a new economic normal that will likely constrain investments for some time to come.”
For all the friction and pain, high-performing teams are continuing to advance the benefits SOCs provide organizations and should be commended for their efforts. Most importantly, high-performing teams have driven strong business consensus, with 73% of SOC objectives aligned with business objectives, versus low performers for whom 63% have no alignment at all. Among the lessons that can be learned from the findings, the top three actions cited to demonstrably alleviate SOC analyst pain are greater workflow automation (71%), implementing advanced analytics/machine learning (63%), and access to more out-of-the-box content (55%).
Commissioned by Devo, Ponemon Institute surveyed 585 IT and IT security practitioners in organizations that have a SOC and are knowledgeable about their organizations’ cybersecurity practices. Respondents’ primary tasks are implementing technologies, patching vulnerabilities, investigating threats, and assessing risks. The survey was conducted between March 11 and April 5, 2020.
Devo will host a virtual panel discussion, A Tale of Two SOCs: Striving for SOC Effectiveness, on Thursday, July 23, 2020. Moderated by Sean Martin of ITSPmagazine, industry cybersecurity leaders will share their experiences establishing highly productive security teams and key lessons that can be applied for improving the effectiveness of security operations.
CHEN PR for Devo Technology