SOC Research: Security Operations Center Performance Perspectives
Many organizations are investing in their security operations centers (SOCs), but most SOCs still experience performance issues, according to the second annual “SOC Performance Report” from data analytics and security company Devo Technology.
Key findings from Devo’s report include:
- 72 percent of organizations classify the SOC as “essential” or “very important” to their cybersecurity strategy.
- 70 percent say it is “very likely” or “likely” that their organization will introduce new tools designed to improve SOC operations.
- On average, the annual cybersecurity budget is $31 million; the SOC represents one-third of this total.
Although many organizations recognize the importance of SOCs, 78 percent of IT security practitioners said working in the SOC is “painful,” the Devo report revealed.
Poor Visibility, Silo Issues Hinder SOC Performance
The Devo report highlighted some of the biggest SOC pain points, such as:
- Visibility: 70 percent of organizations said they lack visibility into their IT security infrastructure.
- Silos: 64 percent experience turf or silo issues between IT and the SOC.
- Environment: Environmental factors such as burnout from increased workloads (75 percent), information overload (67 percent) and “complexity and chaos” in the SOC (53 percent) hamper SOC performance.
In addition, the Devo report revealed the following factors may limit SOC efficiency:
- Too many tools
- Lack of data access
- Inability to capture actionable intelligence
- No formal training programs
- Lack of skilled personnel
Most IT security practitioners believe automating security analyst workflows and implementing advanced analytics or machine learning would help improve SOC performance, according to the Devo report. These capabilities enable SOCs to eliminate repetitive tasks and reduce security analyst workloads.
What Is a Highly Effective SOC?
The Devo report indicated there are several factors that define a highly effective SOC, including:
- Strong business alignment
- Extensive training
- Visibility into IT security infrastructure
- Compliance with privacy and data protection requirements
Highly effective SOCs have organizational support and resources to fuel their operations, the Devo report showed. By investing in their SOC operations, organizations are better equipped than ever before to help their SOCs quickly identify and address cyberattacks.