Exabeam Report: 82% of SOCs ‘Confident’ in Ability to Detect Threats
Corporate security operations centers (SOCs) are becoming increasingly confident in their ability to identify cyber threats, despite the fact that the majority of frontline workers do not track mean time to detection (MTTD), according to the “2020 State of the SOC Report” from security information and event management (SIEM) company Exabeam.
Key findings from Exabeam’s report included:
- 82 percent of SOCs said they are confident in their ability to detect cyber threats; conversely, 78 percent of frontline workers indicated they do not track MTTD.
- More than half of SOCs log at least 40 percent of their events in an SIEM platform.
- 40 percent of SOCs are “effective” in their approach to enterprise security, 35 percent are “highly effective” and 25 percent are “ineffective.”
- SOC leaders rank phishing and supply chain vulnerabilities as the most important issues, while SOC analysts cite distributed denial-of-service (DDoS) attacks and ransomware as greater threats.
- Monitoring and analytics, access management and logging are high priorities for all SOC roles.
Furthermore, most SOCs said they expect to use SIEM, user and entity behavior analytics (UEBA), next-generation security orchestration, automation and response (SOAR) and SOC automation tools in the years to come, the Exabeam report revealed.
Staff Shortages, Lack of Qualified Cybersecurity Talent Plague SOCs
The Exabeam report also highlighted various SOC staffing trends, such as:
- SOC outsourcing declined from 36 percent to 28 percent year over year in the United States, while it rose from 36 percent to 47 percent year over year in the UK.
- 40 percent of organizations struggle with staff shortages and with finding qualified cybersecurity talent.
- 64 percent of frontline workers cite a lack of career path as a reason for leaving their jobs.
- Workplace benefits, high wages and a positive culture are the top drivers for high employee retention for nearly 60 percent of SOCs.
SOCs may use a combination of staffing, training and technology to upgrade their operations. In doing so, SOCs can ensure their personnel have the skills and tools they need to protect organizations against cyber threats.