CAMBRIDGE, Mass.—June 23, 2020—Devo Technology, the data analytics and security company, today announced the results of a survey on the current state of security operations center (SOC) performance, finding that while some organizations have increased funding, the overall gains have been meager, and the most significant issues have not only persisted, but worsened. This second annual Devo SOC Performance Report™, based on a survey conducted by Ponemon Institute, examines many of the same issues as last year, and finds that 60% of SOC team members are still considering changing careers or leaving their jobs due to stress. The survey, conducted in March and April 2020, queried IT and IT security practitioners in organizations that have a SOC.
On the positive side, the importance of investing in a SOC remains high, with 72% of respondents categorizing the SOC as “essential” or “very important” to their organization’s overall cybersecurity strategy, up 5% year over year. Additionally, the average annual cybersecurity budget for organizations rose $6 million to $31 million, with the SOC representing more than one-third of that total. For respondents whose organizations have invested in people, process, and technology, the performance differences are stark. Strong business alignment (73%) and extensive training (67%) help high-performing SOCs more than double the effectiveness of their lower-performing brethren. However, the pain and barriers facing SOC teams are universal and worsening, with higher performers citing 10% more pain at an extreme level (9-10 on a 10-point scale), and virtually no difference in the level below that (7-8).
The major areas of pain and resistance include:
Not surprisingly, the perennial issue of a skills shortage (seen by more than 50% of respondents) is close to the heart of the issue. But digging deeper, it’s quickly apparent that across the board people, process, and technology are misaligned and inefficient:
“At first blush, the data from the survey made it appear that SOCs are advancing, but it turns out the budget growth and successes hide substantial pain—and to achieve even these modest successes consumes considerable resources,” said Julian Waits, general manager, cybersecurity, for Devo. “While the focus and efforts of high-performing SOCs are driving them to be successful in spite of increasing barriers, that success comes at an unacceptable human cost. Seventy-eight percent of respondents say working in the SOC is very painful. Even more troubling, 69% say that experienced analysts would quit the SOC because of stress. It’s clear that significant reforms must be made to achieve greater SOC efficiency and engagement—with less analyst stress—especially in the face of a new economic normal that will likely constrain investments for some time to come.”
For all the friction and pain, high-performing teams are continuing to advance the benefits SOCs provide organizations and should be commended for their efforts. Most importantly, high-performing teams have driven strong business consensus, with 73% of SOC objectives aligned with business objectives, versus low performers for whom 63% have no alignment at all. Among the lessons that can be learned from the findings, the top three actions cited to demonstrably alleviate SOC analyst pain are greater workflow automation (71%), implementing advanced analytics/machine learning (63%), and access to more out-of-the-box content (55%).
Commissioned by Devo, Ponemon Institute surveyed 585 IT and IT security practitioners in organizations that have a SOC and are knowledgeable about their organizations’ cybersecurity practices. Respondents’ primary tasks are implementing technologies, patching vulnerabilities, investigating threats, and assessing risks. The survey was conducted between March 11 and April 5, 2020.
Devo will host a virtual panel discussion, A Tale of Two SOCs: Striving for SOC Effectiveness, on Thursday, July 23, 2020. Moderated by Sean Martin of ITSPmagazine, industry cybersecurity leaders will share their experiences establishing highly productive security teams and key lessons that can be applied for improving the effectiveness of security operations.
Devo unlocks the full value of machine data for the world’s most instrumented enterprises, putting more data to work—now. Only the Devo Data Analytics Platform addresses both the explosion in volume of machine data and the new, crushing demands of algorithms and automation. This enables IT operations and security teams to realize the full transformational promise of machine data to move businesses forward. Headquartered in Cambridge, Mass., Devo is privately held and backed by Insight Partners. Learn more at www.devo.com.