Security Operations Center Research: XDR, Automation May Improve ROI, FireEye Finds

Even though organizations are spending more to address security operations center (SOC) challenges, they're unhappy with the less-than-stellar outcomes of their investments, a new FireEye report said.

The SOC problems companies are grappling with are difficult to fix: increasing security management complexity, rising analyst salaries, and security engineering and management outsourcing costs, among others. In response, some companies are looking to extended detection and response (XDR) and security automation tools to reduce security engineering costs, boost SOC performance and improve employee morale, FireEye said in its "Second Annual Study on the Economics of Security Operations Centers: What is the True Cost for Effective Results?" Data for the report was gleaned from a survey of 682 SOC professionals conducted by Ponemon.

The security provider’s report identifies four SOC macro trends, based on input from the study’s respondents:

  1. Return on investment (ROI) of SOCs has worsened due to increasing complexity and rising security engineering and management outsourcing costs.
  2. Even with increasing salaries, organizations are not able to boost employee morale.
  3. Investments in new XDR and security automation tools show promise to reduce security engineering costs, boost SOC performance and improve employee morale.
  4. In spite of decreasing ROI, the SOC is more important than ever to a strong security profile.

And some data to support them:

On ROI of SOC investments.

  • 51% said the ROI of the SOC is getting worse, compared to 44 percent in 2019.
  • The average cost to pay MSSPs for security monitoring is $5.3 million annually, an increase from $4.4 million in 2019.
  • 51% rate their security engineering efforts as effective or very effective despite spending $2.7 million annually on it.

On unhappy SOC workers.

  • 85% said working in the SOC is painful or very painful, up from 72 percent in 2019.
  • 75% said increasing workloads and being on call are overwhelming security analysts, up from 70% in 2019.
  • Organizations are expecting to hire an average of five analysts in 2021; three will resign or be fired in one year.
  • Organizations are increasing security analyst salaries, with the average rising from $102,000 in 2019 to $111,000 in 2020.
  • 38% believe they can hire the right talent.

On new technology.

  • Organizations surveyed intended to spend an average of $333,150 for XDR; $345,150 for security orchestration, automation and response (SOAR); $285,150 for managed detection and response (MDR); and $183,150 for security information and event management (SIEM).

On security posture.

  • The number of respondents who said their SOC is essential or very important increased from 73 percent last year to 80 percent now.
  • The most important SOC activities: minimizing false positive reporting (88 percent); having agile DevOps functions (increasing from 73 to 85 percent); automating machine learning tools (increasing from 72 to 80 percent).

“Many security teams are now seeking new technologies that can provide greater efficiencies and visibility, while cutting alert overloads and eliminating mundane tasks to improve analyst morale,” said Chris Triolo, FireEye vice president of customer success.

D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.