Findings show meaningful action is required to improve the conditions in SOCs
CAMBRIDGE, Mass., October 11, 2022 – Devo Technology, the cloud-native logging and security analytics company, today announced the results of its fourth annual SOC Performance Report™, which found that SOC leaders continue to face a tricky balancing act when it comes to retaining SOC analysts amid immense talent shortages and turnover. Additionally, the report illustrates how leaders’ disjointed views of SOC distress and remedies impact analysts’ performance and overall work experiences, signaling a need for a change in how SOC work is conducted.
Devo’s report shows that, despite agreement on the importance of the SOC to the cyber strategy, lines are drawn between SOC leadership and staff in terms of SOC effectiveness. On a 1-to-10 scale, 31% of SOC leaders rate their SOC a nine or higher, classifying it as “very effective,” while only 17% of staff agree. The disconnect between opinions on SOC effectiveness becomes less surprising when digging deeper into responses around the pain and challenges of working in the SOC.
When asked to assess the pain level of working in the SOC on a 1-to-10 scale, most leaders (68%) and staff (74%) put the range of pain between six and ten. The report closely examined the source of security analysts’ and leaders’ pain and discovered:
- The top two reasons that make working at the SOC painful for analysts are burnout caused by growing workload (34%) and losing to adversaries (32%).
- 78% of SOC staff work overtime, with an average of 7 overtime hours worked per week.
- One-third of analysts face difficulties in operating across too many tools.
- A quarter of leaders experienced pain when faced with limited cybersecurity budgets.
Several key survey findings reveal that, with the level of pain associated with working in the SOC, leaders face difficulty retaining and attracting talent:
- Respondents reported that the average time to fill a SOC position is 7 months.
- 71% of SOC professionals responded that they are likely to quit their job, with the top reasons cited as information and work overload, insufficient downtime, lack of tool integration, and alert fatigue.
“The disillusionment that expert talent faces has a chain reaction that jeopardizes organizational cybersecurity posture,” said Kayla Williams, CISO of Devo. “SOC leaders need to restore the disconnect between executives and professionals. Applying modern approaches helps eliminate the distressing components of SOC work and creates better agility in the ever-evolving threat landscape and attack surface. For example, supplementing SOC analysts by implementing AI to flag false positives not only will combat alert fatigue, it can shift analyst focus to real threats their organization faces, driving more value out of the SOC as a business partner.”
More than half of leaders and 39% of staff note that spending more money on SOC services is the top solution to alleviate the pain experienced by SOC staff. With extensive financial investments in security operations, automation and analytics hold the power to streamline the most critical aspects of the threat lifecycle, eliminating the repetitive manual tasks that lead to analyst burnout and SOC inefficiency. When discussing how organizations can improve their experience in the SOC, 37% of workers identified advanced analytics, machine learning, and automation as key to alleviating their pain points.
“Organizations need to reduce the burdens of manual work on their analysts with more holistic and intelligent deployments of analytics and automation to get in front of cyber attackers and empower security analysts to be effective and build morale,” said Williams. “The industry is trending toward the era of autonomous SOC, giving SOC teams the breathing room they need while offering end-to-end support in detecting and mediating threats. It is a win-win for the modern organization.”
To view the global report, download here.
The SOC Performance Report™ was conducted by Wakefield Research, surveying 1,100 decision-makers and non-management staff at organizations with 1,000+ employees and a security operations center (SOC) in the U.S., Canada, UK, France, Germany, Italy, and Australia/New Zealand between July 15th and August 2nd, 2022.
Devo is the only cloud-native logging and security analytics platform that releases the full potential of your data to empower bold, confident action. With unrivaled scale to collect all of your data without compromise, speed to give you immediate access and answers, and clarity to focus on the signals that matter most, Devo is your ally in protecting your organization today and tomorrow. Headquartered in Cambridge, Massachusetts, with operations in North America, Europe and Asia-Pacific, Devo is backed by Insight Partners, Georgian, TCV, General Atlantic, Bessemer Venture Partners, Kibo Ventures and Eurazeo. Learn more at www.devo.com.