New research reveals the majority of security professionals involved in the management of a security operations center (SOC) want change. Across enterprises, however, there is a divide between the perspectives of executives, directors and individuals involved in day-to-day incident response (IR) activities.
Sixty-two percent of executives, managers and analysts believe their organization needs improvement around technology, talent, processes or another key area of operations, according to Exabeam’s 2018 State of the SOC report. While technology is the biggest pain point across all positions, security operations professionals working in frontline roles are more than twice as likely as executives to identify technology as a barrier.
These trends exacerbate the struggles of security analysts, who report themselves “overworked, understaffed and overwhelmed,” according to recent findings. It’s time for CISOs and SOC directors to understand the real impact of legacy technology and talent shortages on IR staff.
Updating Tech Should Be a Top Priority
Across all job titles, technology is perceived as the greatest opportunity for improvement in the enterprise SOC. However, individual perceptions of the day-to-day impact of IR technologies vary enormously.
Analysts and directors are more than twice as likely as CISOs to deem outdated solutions a barrier. Fifty percent of frontline staff and managers rank legacy technology as a pain point, according to the Exabeam report, compared to just 22 percent of the C-suite. One respondent even expressed a desire to “trash it all and start over instead of milking ancient legacy systems and hardware.”
The details of the negative impact of legacy technology, such as analyst alert fatigue, may not be fully understood by many CISOs. Forty-seven percent of frontline analysts and managers are concerned with how difficult it is to keep up with alerts, compared to just 35 percent of executives.
Frontline Staff Want Emotional Intelligence
Talent and staffing revealed another divide between the perspectives of top leadership and analysts: Sixty-two percent of frontline staff believe inexperienced talent is a major risk, according to the report, while just 21 percent of executives agree. Twenty-eight percent of all SOC professionals believe their team needs to hire as many as 10 analysts.
When it comes to the specifics of the information security skills gap, it’s clear that emotionally intelligent ops analysts are in peak demand. Respondents are seeking hires who exhibit the following soft skills:
- Leadership ability; and
- Personal and social skills.
Interpersonal skills and team chemistry should play a significant role in shaping the staffing trajectory of the enterprise SOC. In times of crisis and change, an analyst’s abilities to adapt and communicate are likely key success factors.
Effective SOCs Invest in Talent and Emerging Technology
While 81 percent of SOCs believe they are underfunded, the most effective SOCs allocate their budgets differently than their peers, according to the same research. While financial allocation cannot compensate for a dramatically underfunded security program, investing in the right areas of operations improves outcomes. Less effective operations centers spend more on facilities and management, while struggling to fund technology and talent.
In contrast, the majority of effective SOC professionals believe their center is correctly staffed and are significantly more likely to use more categories of security information and event management (SIEM) technology than their peers. Leading organizations are also more likely to have invested in emerging technology categories.
Effective SOCs are set apart by the depth of their investments in:
- Identity and access management;
- Advanced network and cloud monitoring;
- User behavior analytics;
- Machine learning and cognitive intelligence;
- Big data security analytics; and
- Endpoint detection and response.
Mending and Strengthening the SOC in 2018
It’s time for CISOs and SOC directors to lessen the load on analysts before talent pursues other opportunities. Ninety-one percent of CISOs believe the severity of data breaches and cyber incidents will increase over the next 24 months, according to the Ponemon Institute’s recent “The Evolving Role of CISOs and Their Importance to the Business.” There could be talent-based security risks facing the enterprise if leaders fail to improve employee satisfaction.
Unlocking employee engagement requires smarter technologies, intelligent outsourcing and training investments. CISOs and directors should work to understand frontline staff’s perspectives and the impacts of legacy technology. According to IBM research, analysts in the enterprise SOC face 200,000 unique pieces of security event data each day.
When hundreds of thousands of data points are filtered through legacy SIEM solutions, security analysts must manually review alerts to separate false positives from true threats. Analysts need augmented intelligence for context to quickly distinguish meaningless noise from risks.
The best security intelligence sources real-time data from a variety of structured and unstructured sources, including threat intelligence feeds, exchanges, security blogs, vulnerability lists and more to rank and categorize event data by actual risk. The most highly effective SOCs will sufficiently allocate both technology and staff to their analysts so they can quickly analyze threats and reduce pain points at all levels of operations.