New research explores the current state of the Security Operations Center (SOC) and the analysts that run them; shows the SOC is considered essential to business yet largely ineffective
Cambridge, Mass., July 29, 2019 – Devo Technology, the data analytics platform that unlocks the full value of machine data for the world’s most instrumented enterprises, today released the findings of a new survey conducted in partnership with the Ponemon Institute. The research, Improving the Effectiveness of the Security Operations Center, found that while the SOC is considered an essential or important component of business, most respondents rate their SOC’s effectiveness as low, and 49 percent say it is not fully aligned with business needs. Problems such as a lack of visibility into the network and IT infrastructure, a lack of confidence in the ability to find threats, and workplace stress on the SOC team are diminishing its effectiveness.
Further, security professionals say working in the SOC is painful, leading 65 percent to report having considered changing careers or quitting their jobs. As a result of these factors, 78 percent of respondents say the mean time to resolution (MTTR) can be weeks to months or even years.
“The survey findings clearly highlight that a lack of visibility and having to perform repetitive tasks are major contributors to analyst burnout and overall SOC ineffectiveness,” said Julian Waits, General Manager of Cyber, Devo. “It is critical that businesses make the SOC a priority and evolve its effectiveness by empowering analysts to focus on high-impact threats and improving the speed and accuracy of triage, investigation, and response.”
The following findings reveal why organizations have SOC frustration:
“There are a number of factors contributing to the SOC’s overall ineffectiveness – such as the lack of visibility into IT security infrastructure – but the factor that truly stands out is the level of analyst burnout due to their heavy workload, and the immense amount of stress and pressure they are facing,” said Larry Ponemon, founder of Ponemon Institute. “It is clear this is a critical area that needs to be addressed to improve SOC effectiveness.”
The Anatomy of Today’s SOC
The research also highlights the state of the SOC today, including:
Organizations are shifting to the cloud: 53 percent of respondents say what best defines the IT infrastructure that houses their SOC is mostly cloud (29 percent) or a combination of cloud and on-premises; 47 percent of respondents say it is on-premises.
The majority of respondents (51 percent) say their companies invest in threat intelligence feeds. Of these organizations, 54 percent of respondents say the threat intelligence feeds combine open source and paid feeds, and 60 percent of respondents in organizations that invest in threat intelligence feeds develop custom feeds based on a technology profile.
The exploits most commonly identified by the SOC are malware attacks (98 percent), exploits of existing or known vulnerabilities (80 percent), spear phishing (69 percent) and malicious insiders (68 percent).
Organizations outsource to MSPs based on their size and maturity level. Smaller organizations tend to outsource because they are unable to staff an expert in-house SOC team and acquire the necessary technologies, and in order to improve efficiencies. As size and maturity increase, outsourcing decreases.
Recommendations To Minimize Analyst Burnout and Increase SOC Effectiveness
The findings do not bode well for setting a SOC up for success, but the research also suggests organizations can consider the following actions:
Sponsored by Devo Technology, Ponemon Institute surveyed 554 IT and IT security practitioners in organizations that have a SOC and are knowledgeable about cybersecurity practices in their organizations. Their primary tasks are implementing technologies, patching vulnerabilities, investigating threats and assessing risks.
Download the full report here to gather recommendations for how to minimize analyst burnout and increase overall SOC effectiveness.
Sign up for the webinar for more insights on the survey results from the Ponemon Institute and Devo.
Devo unlocks the full value of machine data for the world’s most instrumented enterprises, putting more data to work now. Only the Devo data analytics platform addresses both the explosion in volume of machine data and the new, crushing demands of algorithms and automation, enabling IT operations and security teams to realize the full transformational promise of machine data to move the business forward. Devo is a privately held company based in Cambridge, MA and is backed by Insight Partners. Visit www.devo.com to learn more.