Struggles with legacy technology and false positives are key challenges for security operations centres
- Published: Thursday, 07 June 2018 07:20
A new report from Exabeam highlights key challenges faced by those who manage and work in security operations centres (SOCs). The inaugural ‘State of the SOC’ report highlights the challenges which have the potential to limit the ability of SOCs to tackle ever increasing volumes of security alerts and potential cyber attacks. The report also identifies a number of key differences between US and UK SOCs.
This study sought the opinion of IT professionals working in a SOC from the most senior to those managing and working at the coal-face. In some instances there were stark differences of opinion between executives and their teams. This was especially noticeable around technology, where 79 percent of managers and frontline employees expressed frustration with legacy and out-dated equipment, compared to 22 percent of CIO and CISOs. However, all job functions highlighted false positives and keeping up with security alerts as a top of mind concern.
Key findings include:
Hiring and staffing
45 percent of SOC professionals believe their SOC is understaffed, and of those, nearly two thirds (63 percent) think they could use anywhere from an additional 2-10 employees
62 percent of managers and frontline employees see inexperienced staff as a key pain point, compared to just one fifth (21 percent) of CIO & CISOs
The most important skills were identified as:
- Data loss prevention, ability to work in teams and malware software;
- Gaps in current skills include digital forensics, and communication and soft skills.
Technology trends and pain points
Nearly half of all respondents (47 percent) cited keeping up with security alerts as the biggest pain point.
Technology is two times more of a pain point for front-line workers (50 percent) than the c-suite (22 percent).
79 percent of managers and frontline employees are concerned with legacy and out-dated equipment, compared with just 22 percent of CIO & CISOs.
More than half of SOC professionals (54 percent) believe technology (in the SOC) is underfunded.
Machine learning technologies are perceived as some of the soonest to impact the security space, whereas artificial intelligence will take the longest.
Finance and budget
Over half of respondents (51 percent) expressed satisfaction with funding levels related to the SOC, but unsurprising the majority (81 percent) stated they would like more budget.
Half (51 percent) of companies have a cyber insurance policy in place. SOCs in the UK are more likely to have cyber security insurance than their US counterparts. Protection of data is the biggest driver for cybersecurity insurance (47 percent). Those that don’t have it feel that it is unnecessary or too expensive (45 percent).
To download the full report, click here.