New research reveals the majority of security professionals involved in the management of a security operations center (SOC) want change. Across enterprises, however, there is a divide between the perspectives of executives, directors and individuals involved in day-to-day incident response (IR) activities.
Sixty-two percent of executives, managers and analysts believe their organization needs improvement around technology, talent, processes or another key area of operations, according to Exabeam’s 2018 State of the SOC report. While technology is the biggest pain point across all positions, security operations professionals working in frontline roles are more than twice as likely as executives to identify technology as a barrier.
These trends exacerbate the struggles of security analysts, who describe themselves as “overworked, understaffed and overwhelmed,” according to recent findings. It’s time for CISOs and SOC directors to understand the real impact of legacy technology and talent shortages on IR staff.
Updating Tech Should Be a Top Priority
Across all job titles, technology is perceived as the greatest opportunity for improvement in the enterprise SOC. However, individual perceptions of the day-to-day impact of IR technologies vary enormously.
Analysts and directors are more than twice as likely as CISOs to deem outdated solutions a barrier. Fifty percent of frontline staff and managers rank legacy technology as a pain point, according to the Exabeam report, compared to just 22 percent of the C-suite. One respondent even expressed a desire to “trash it all and start over instead of milking ancient legacy systems and hardware.”
The details of the negative impact of legacy technology, such as analyst alert fatigue, may not be fully understood by many CISOs. Forty-seven percent of frontline analysts and managers are concerned with how difficult it is to keep up with alerts, compared to just 35 percent of executives.
Frontline Staff Want Emotional Intelligence
Talent and staffing revealed another divide between the perspectives of top leadership and analysts: Sixty-two percent of frontline staff believe inexperienced talent is a major risk, according to the report, while just 21 percent of executives agree. Twenty-eight percent of all SOC professionals believe their team needs to hire as many as 10 analysts.
When it comes to the specifics of the information security skills gap, it’s clear that emotionally intelligent ops analysts are in peak demand. Respondents are seeking hires who exhibit the following soft skills:
- Teamwork;
- Communication;
- Leadership ability; and
- Personal and social skills.
Interpersonal skills and team chemistry should play a significant role in shaping the staffing trajectory of the enterprise SOC. In times of crisis and change, an analyst’s abilities to adapt and communicate are likely key success factors.
Effective SOCs Invest in Talent and Emerging Technology
While 81 percent of SOCs believe they are underfunded, the most effective SOCs allocate their budgets differently than their peers, according to the same research. While financial allocation cannot compensate for a dramatically underfunded security program, investing in the right areas of operations improves outcomes. Less effective operations centers spend more on facilities and management, while struggling to fund technology and talent.
In contrast, the majority of effective SOC professionals believe their center is correctly staffed and are significantly more likely to use more categories of security information and event management (SIEM) technology than their peers. Leading organizations are also more likely to have invested in emerging technology categories.
Effective SOCs are set apart by the depth of their investments in:
- Identity and access management;
- Advanced network and cloud monitoring;
- User behavior analytics;
- Machine learning and cognitive intelligence;
- Big data security analytics; and
- Endpoint detection and response.
Mending and Strengthening the SOC in 2018
It’s time for CISOs and SOC directors to lessen the load on analysts before talent pursues other opportunities. Ninety-one percent of CISOs believe the severity of data breaches and cyber incidents will increase over the next 24 months, according to the Ponemon Institute’s recent “The Evolving Role of CISOs and Their Importance to the Business.” There could be talent-based security risks facing the enterprise if leaders fail to improve employee satisfaction.
Unlocking employee engagement requires smarter technologies, intelligent outsourcing and training investments. CISOs and directors should work to understand frontline staff’s perspectives and the impacts of legacy technology. According to IBM research, analysts in the enterprise SOC face 200,000 unique pieces of security event data each day.
When hundreds of thousands of data points are filtered through legacy SIEM solutions, security analysts must manually review alerts to separate false positives from true threats. Analysts need augmented intelligence for context to quickly distinguish meaningless noise from risks.
The best security intelligence draws real-time data from a variety of structured and unstructured sources, including threat intelligence feeds, exchanges, security blogs, vulnerability lists and more, to rank and categorize event data by actual risk. The most effective SOCs will allocate sufficient technology and staff to their analysts so they can quickly analyze threats and reduce pain points at all levels of operations.