
New SOC research highlights that ‘overconfident security teams’ fail to focus on threat dwell time

Exabeam has released its annual ‘2020 State of the SOC Report,’ examining the processes and effectiveness of corporate security operations centres (SOCs).

This year’s study reveals that 82 percent of SOCs are confident in their ability to detect cyber threats. Exabeam says that this confidence is unfounded, with just 22 percent of frontline workers tracking mean time to detection (MTTD), the metric that reveals how long attackers dwell in an environment before being noticed.
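MTTD is only meaningful if the SOC records, per incident, when the compromise is believed to have started and when it was first detected. The following is an added example, not code from the article or from Exabeam, showing how that metric is derived from a constructed set of incident records. It reports the mean (MTTD), but also the median and the maximum dwell time, because a single long-undetected intrusion can drag the mean far away from the typical case, and lists incidents that exceeded a detection target (the 72-hour threshold is an assumed value, not one from the report).

```python
from datetime import datetime
from statistics import mean, median
from typing import Optional

# Constructed sample incidents (not from the report). Each record holds the
# time the compromise is believed to have first occurred and, if known, the
# time the SOC first detected it. None means it is still undetected at
# reporting time, so it cannot contribute a dwell time yet.
INCIDENTS = [
    {"id": "INC-1", "compromised": "2020-03-01T08:00:00", "detected": "2020-03-01T20:00:00"},
    {"id": "INC-2", "compromised": "2020-03-02T00:00:00", "detected": "2020-03-05T00:00:00"},
    {"id": "INC-3", "compromised": "2020-03-03T12:00:00", "detected": "2020-03-03T18:00:00"},
    {"id": "INC-4", "compromised": "2020-03-04T00:00:00", "detected": "2020-03-24T00:00:00"},
    {"id": "INC-5", "compromised": "2020-03-10T00:00:00", "detected": None},
]


def dwell_hours(incident: dict) -> Optional[float]:
    """Dwell time in hours: first detection minus first compromise.

    Returns None for incidents that have not been detected yet. A detection
    timestamp earlier than the compromise timestamp is a data-quality error
    and is rejected rather than silently producing a negative dwell time.
    """
    if incident["detected"] is None:
        return None
    start = datetime.fromisoformat(incident["compromised"])
    end = datetime.fromisoformat(incident["detected"])
    if end < start:
        raise ValueError(f"{incident['id']}: detection precedes compromise")
    return (end - start).total_seconds() / 3600


def dwell_time_report(incidents: list, sla_hours: float = 72.0) -> dict:
    """Summarise dwell time across incidents.

    sla_hours is an assumed detection target used only to flag outliers;
    it is not a figure from the report.
    """
    dwells = {}
    undetected = []
    for inc in incidents:
        d = dwell_hours(inc)
        if d is None:
            undetected.append(inc["id"])
        else:
            dwells[inc["id"]] = d
    values = list(dwells.values())
    return {
        # MTTD: the mean dwell time over detected incidents.
        "mttd_hours": mean(values) if values else None,
        # Median is robust to one very long-lived intrusion skewing the mean.
        "median_dwell_hours": median(values) if values else None,
        "max_dwell_hours": max(values) if values else None,
        "over_sla": sorted(i for i, d in dwells.items() if d > sla_hours),
        "undetected": undetected,
    }


if __name__ == "__main__":
    for key, value in dwell_time_report(INCIDENTS).items():
        print(f"{key}: {value}")
```

On the constructed data the mean dwell time is 142.5 hours while the median is 42 hours: one intrusion that went unnoticed for 20 days accounts for most of the MTTD, which is exactly the kind of case a SOC that only reports its confidence level, rather than this number, would never see.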

The survey, conducted among 295 respondents across the US, the UK, Canada, Germany and Australia, was also fielded to determine how analysts and SOC management view key aspects of their operations, hiring and staffing, retention, technologies, training and funding.

“From 2018-2019, we learned that dwell time - or, the time between when a compromise first occurs and when it is first detected - has grown. Based on this, it is surprising for SOCs to report such inflated confidence in detecting cyber threats,” said Steve Moore, chief security strategist at Exabeam. “We see great progress in the SOC with attention paid to employee well-being, measures for better communication and more. However, disparate perceptions of the SOCs’ effectiveness could be dangerously interpreted by the C-suite as assurances that the company is well-protected and secure, when it’s not.” 

Highlighting the imbalance, says Exabeam, is that SOC leaders and frontline analysts do not agree on the most common threats facing the organization. SOC leaders believe that phishing and supply chain vulnerabilities are more important issues, while analysts see DDoS attacks and ransomware as greater threats.

Technology trends

Small- and medium-sized teams in particular are more concerned with downtime or business outage (50 percent) than with threat hunting as an operational metric, yet threat hunting stands out as a must-have hard skill (61 percent).

Other prominent findings include:

  • SOC outsourcing in the US has declined year-on-year (36 percent to 28 percent)
  • UK outsourcing had a year-on-year increase (36 percent to 47 percent)
  • Germany reported 47 percent outsourcing, primarily of threat intelligence services
  • Australian SOCs struggle in most categories and need improvement in technology updates, monitoring events and responding to/analyzing incidents

In general, monitoring and analytics, access management and logging are higher priorities this year for all SOC roles.

  • More than half of SOCs were found to log at least 40 percent of events in a SIEM
  • The UK utilises logging the most, compared with geographic counterparts
  • Content creation, the skill of writing detection logic and then validating, tuning and reporting on it, is the capability SOCs are least able to provide (35 percent)

To support this, most SOCs expect to see security orchestration, automation and response (SOAR) tools take precedence over other technologies in upcoming years. 
