New SOC Performance Report: Security Analysts Are Overworked and Under Resourced

The fourth annual Devo SOC Performance ReportTM shows security professionals believe the SOC is significant to their organization’s cybersecurity strategy. As noted in our last blog, 77% of respondents say their SOC is “very important” or “essential” to their organization.

But there’s pain behind the scenes as well. The report notes the majority of security professionals are feeling overwhelmed due to too much work and not enough resources. 71% of SOC professionals said that they’re likely to quit their job, with the top reasons being information and work overload, lack of tool integration, and alert fatigue. Respondents also reported that the average time to fill a SOC position is 7 months — yikes!

What are some ways that we can address these issues? Let’s take a closer look.

Analysts in Pain Won’t Remain

The report also closely examined the source of security analysts’ and leaders’ pain. The top two reasons that make working at the SOC painful for analysts are burnout caused by growing workload (34%) and losing to adversaries (32%). In addition, 78% of SOC staff work overtime, with an average of 7 overtime hours worked per week.

There are not enough security experts to go around, and this puts extreme pressure on SOC analysts who are exhausted from increasing workloads and too many alerts. Traditional stress management techniques help here, including providing better support for workers, and giving them more time away from work to rest and recharge.

Respondents also point to workforce automation, advanced analytics and machine learning as effective ways to alleviate SOC analyst pain. For example, cloud-scale SIEM capabilities for data ingestion, high-performance query capabilities, and an intuitive user interface can help analysts perform faster and detect threats quicker.

New SOC Model Needed

It’s clear that a new SOC model is required for organizations to stay ahead of continued shortage of skilled analysts, the exponential increase in data, and the volume and severity of cyberattacks.

Based on survey feedback, the new SOC model going forward needs to:

• Deliver complete visibility, automation and analytics
• Integrate seamlessly with security and IT tools
• Enable SOC leaders to automate triage, investigation and hunting
• Deliver fast, effective detection and incident response to resolve threats on large-scale, cloud-first infrastructures

As with most complex and serious problems, there are no easy answers. But technological solutions to the challenges overwhelming today’s SOCs may be the most effective way to stem the tide of resignations and growing vulnerability of organizations to relentless attackers.

For our next blog post, we’ll address the challenges leaders face in hiring and keeping talent. In the meantime, you can download the full report here.