Devo Technology announced the results of its 3rd annual SOC Performance Report (SPR), a survey on the current state of security operations center (SOC) performance, conducted by Ponemon Institute in September 2021.
While last year’s report found high-performing organizations advancing even in the face of substantial workforce challenges, this year’s report finds significant, and even crippling, disconnects in perception between SOC leadership and staff in terms of organizational effectiveness and capability — with more than 60% rating communication average-to-below-average, and more than a third ranking it below average.
The global survey captured and contrasted the insights of more than 1,000 cybersecurity professionals, with 535 operating at a leader level (senior executives, vice president, director or manager) and 485 operating at a staff/practitioner level (supervisor, technician staff or contractor). While last year’s survey found positive and modest gains in focus, funding and training, the numbers have largely plateaued this year, and the major challenges for organizations across the board remain roadblocks. More than 70% of SOC staff rate their “pain” level from a seven to 10 on a scale of 10, and “turf and silo” issues are still plaguing a majority of organizations, with more than 60% citing them as a primary barrier to success. This persistent issue shines a new light on oversight of the SOC as a challenge, with more than 40% citing lack of leadership or lack of executive-level support as a major barrier to success.
This is notable when you examine the discrepancy in perception of how the SOC is working between leaders and staff, including:
- Half of leaders assessed their SOC as highly effective versus less than 40% of staff.
- More than half of leaders lauded the investigative capabilities of their SOC, while only one-third of staff gave it high marks.
- In assessing the communication of SOC strategy “to the trenches,” nearly 60% ranked communication as average or below average, with more than one-third rating communication as solidly below average.
“The growing perception gap over SOC efficiency between operational leaders and practitioners should be seen as a warning sign of simmering frustrations that can have implications on SOC efficacy and analyst retention,” said Gunter Ollmann, CSO of Devo. “Whether complacency or still navigating new modes of work and staffing in the past year, organizations can’t afford to stall in advancing their defenses against what is a growing onslaught of attacks. It would seem that, while they weathered a storm in the past few years, organizations need a leadership and resource ‘booster shot’ to keep building a better defense for what comes next.”
"Enterprises have spent the past several decades adding cybersecurity technology capabilities that increase the volume of alerts to the SOC,” said Jim Routh, board member, advisor and former CISO. “Enterprise leaders need to spend the next decade improving their data analytical skills and infrastructure to lower the volume of cyber alerts and make more alerts actionable through data science and automation."
In addition to the realities that staff burnout hasn’t dropped and information overload has only increased for organizations, half of SOC teams across the board cited a lack of talent as a major impediment and more than 60% lack visibility into the IT infrastructure. These persistent pain points for all SOC teams remain areas that require focus, training, and the right technology mix.
Other notable findings in the survey related to SOC analyst pain include:
- 72% of respondents rated the pain of their SOC analysts at a seven or above on a 10-point scale.
- When asked, “What makes working in the SOC painful?” 70% said information overload, followed by lack of resources (58%), and inability to capture actionable intelligence (56%).
- 63% of survey respondents said that on-the-job pain in the SOC has caused them to consider changing careers or leaving their jobs.