
SOC Research: Security Operations Center Performance Perspectives

Many organizations are investing in their security operations centers (SOCs), but most SOCs still experience performance issues, according to the second-annual "SOC Performance Report" from data analytics and security company Devo Technology.

Key findings from Devo's report include:

  • 72 percent of organizations classify the SOC as "essential" or "very important" to their cybersecurity strategy.
  • 70 percent say it is "very likely" or "likely" that their organization will introduce new tools designed to improve SOC operations.
  • On average, the annual cybersecurity budget is $31 million; the SOC represents one-third of this total.

Although many organizations recognize the importance of SOCs, 78 percent of IT security practitioners said working in the SOC is "painful," the Devo report revealed.

Poor Visibility, Silo Issues Hinder SOC Performance

The Devo report highlighted some of the biggest SOC pain points, such as:

  • Visibility: 70 percent of organizations said they lack visibility into their IT security infrastructure.
  • Silos: 64 percent experience turf or silo issues between IT and the SOC.
  • Environment: Environmental factors such as burnout from increased workloads (75 percent), information overload (67 percent) and "complexity and chaos" in the SOC (53 percent) hamper SOC performance.

In addition, the Devo report revealed the following factors may limit SOC efficiency:

  • Too many tools
  • Lack of data access
  • Inability to capture actionable intelligence
  • No formal training programs
  • Lack of skilled personnel

Most IT security practitioners believe automating security analyst workflows and implementing advanced analytics or machine learning would help improve SOC performance, according to the Devo report. These capabilities enable SOCs to eliminate repetitive tasks and reduce security analyst workloads.

What Is a Highly Effective SOC?

The Devo report indicated there are several factors that define a highly effective SOC, including:

  • Strong business alignment
  • Extensive training
  • Visibility into IT security infrastructure
  • Compliance with privacy and data protection requirements

Highly effective SOCs have organizational support and resources to fuel their operations, the Devo report showed. By investing in their SOC operations, organizations are better equipped than ever before to help their SOCs quickly identify and address cyberattacks.

Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds an M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.