Increasing Workload, Lack of Visibility, and Threat Hunting Challenges Cited as Top Concerns in SOCs

Organizations face a problem of dealing with threats that are not only becoming more complex but also becoming more abundant — thus taking a toll on security staff and their effectiveness. This reality is echoed in Ponemon Institute’s new research, titled “Improving the Effectiveness of the Security Operations Center,” which surveyed 554 IT and IT security practitioners in organizations that have a security operations center (SOC).

SOC effectiveness low, work painful

The Ponemon Institute’s report, which is sponsored by Devo Technology, found that 58% of respondents have given their SOCs’ effectiveness a low rating. Reasons cited for the ineffectiveness of SOCs are the lack of visibility into network traffic, lack of timely remediation, complexity, and lack of skilled personnel.

The research also revealed that workplace stress is a major pain point, making it difficult for organizations to hire and retain experienced IT security professionals. Increasing workload leading to burnout (73%), lack of visibility (72%), being on call 24/7 (71%), and alert overload (69%) are the top reasons why working in SOCs is increasingly becoming painful for analysts.

The difficulty threat hunting teams face is also considered a contributing factor to workplace stress. This threat hunting problem is due to too many indicators of compromise (IoCs) to track, too much internal traffic to compare against IoCs, lack of internal resources and expertise, and too many false positives.

The abovementioned factors made 65% of respondents consider changing careers or leaving their job. Meanwhile, 66% percent say that experienced security analysts are likely or very likely to quit their job with an SOC.

[Read: Why looking deeper into gray alerts is important]

Hard SOC work amid a global cybersecurity skills gap

The Ponemon Institute’s findings only add to the growing list of concerns that the cybersecurity industry has to address. On top of the threat hunting problem and the overwhelming number of alerts cybersecurity professionals have to check, the cybersecurity skills gap remains a global problem. For nearly 50% of 1,125 chief information security officers (CISO) who responded in a 2018 Opinium survey commissioned by Trend Micro, 54% of U.S.-based CISOs disclosed that they have difficulty hiring skilled professionals.

Security recommendation

Organizations with understaffed and overextended cybersecurity teams can become vulnerable to financial loss, operational disruption, and reputational damage if the problems on security alerts volume and skills shortage are not addressed.

One of the ways organizations can keep up is to avail of a managed detection and response (MDR) service. MDR can help organizations by providing 24/7 alert monitoring and threat detection and response capabilities from experienced cybersecurity professionals who can maximize security solutions to an organization’s advantage. An MDR service also provides alert prioritization, investigation, and threat hunting with the use of advanced AI to correlate and prioritize alerts, customer data, and threat intelligence.


Like it? Add this infographic to your site:
1. Click on the box below.   2. Press Ctrl+A to select all.   3. Press Ctrl+C to copy.   4. Paste the code into your page (Ctrl+V).

Image will appear the same size as you see above.