The fourth annual Devo SOC Performance Report™ shows that issues facing organizations since the start of the global pandemic in early 2020 continue to affect SOC performance, including challenges in hiring and retaining SOC talent. Based on the independent survey of more than 1,000 global cybersecurity professionals commissioned by Devo and conducted in the summer of 2022, the report examines current SOC trends and challenges.
The good news? Virtually all professionals surveyed believe the SOC is significant to their organization’s cybersecurity strategy. In fact, 77% of respondents say their SOC is “very important” or “essential” to their organization.
The consensus in this year’s survey is that the SOC continues to play a pivotal role in cybersecurity programs. The 77% who rate the importance of their SOC highly represent a slight uptick from the 2021 survey, where 73% of respondents held their SOC in such high regard. This isn’t especially surprising since cybersecurity professionals who devote their careers to SOC work should be expected to feel that their efforts do make an important contribution.
In addition, nearly 90% of respondents rate their SIEM as “effective” to “very effective,” with 25% rating it a 9 or 10 on the 10-point scale. These results, including the fact that just 3% of survey respondents work for organizations that have not deployed a SIEM, point to the significant and pivotal role this technology plays in the vast majority of SOCs.
The ability to scale, to integrate with other SOC solutions, and, in particular, to collect data from all required sources are quickly becoming standard features of modern SIEMs. In fact, a SIEM that cannot collect all the data the SOC team needs to protect is a liability. Finally, SIEMs that lack advanced security analytics, as cited by respondents, are behind the curve of what a truly effective SIEM can provide to SOCs.
The bad news? Nearly one-third of respondents cite the lack of visibility into the IT security infrastructure as a barrier to success. Visibility is the most crucial basic ingredient of cybersecurity success — you need to see what’s happening before it’s too late so you can respond effectively.
Bad actors are experts at staying hidden in the noise of logs, systems, tools, teams and silos. If SOC analysts can’t see all the data and infrastructure they’re responsible for protecting, the likelihood of them successfully achieving their goals is significantly diminished.
Training, hiring and retaining skilled personnel is another significant pain point. There just are not enough security experts to go around, and this is putting extreme pressure on SOC analysts who are exhausted from increasing workloads and too many alerts. The average time Devo survey respondents said it takes to fill a position is seven months, with 15% of SOC leaders saying it takes two years or longer to fill a SOC role.
But respondents also point to workforce automation and technology tools as an effective way to alleviate SOC analyst pain. Cloud-scale SIEM capabilities for data ingestion, high-performance query capabilities, and an intuitive user interface are tools that can help analysts perform faster and detect threats quicker.
To sum up, our 2022 survey responses show that SOC staff members continue to experience considerable pain while performing their critically important — and highly stressful — work. The results indicate that SOC leaders and their teams continue to wrestle with several ongoing challenges, including:
• Alignment of SOC objectives and business needs
• Barriers to successful SOC operation
• Reasons for SOC ineffectiveness
• The ongoing pain of SOC workers and what’s causing it
• SOC workers quitting or seriously considering it — and the difficulty of replacing them
The disparities in some key areas provide clear evidence that the issues facing organizations since the start of the global pandemic in early 2020 continue to affect SOC performance during the ongoing Great Resignation.
You can download the 2022 Devo SOC Performance Report to get a better understanding of the challenges facing security teams and leaders.