July 27, 2018 By Jasmine Henry 3 min read

New research reveals the majority of security professionals involved in the management of a security operations center (SOC) want change. Across enterprises, however, there is a divide between the perspectives of executives, directors and individuals involved in day-to-day incident response (IR) activities.

Sixty-two percent of executives, managers and analysts believe their organization needs improvement around technology, talent, processes or another key area of operations, according to Exabeam’s 2018 State of the SOC report. While technology is the biggest pain point across all positions, security operations professionals working in frontline roles are more than twice as likely as executives to identify technology as a barrier.

These trends exacerbate the struggles of security analysts, who report themselves “overworked, understaffed and overwhelmed,” according to recent findings. It’s time for CISOs and SOC directors to understand the real impact of legacy technology and talent shortages on IR staff.

Updating Tech Should Be a Top Priority

Across all job titles, technology is perceived as the greatest opportunity for improvement in the enterprise SOC. However, individual perceptions of the day-to-day impact of IR technologies vary enormously.

Analysts and directors are more than twice as likely as CISOs to deem outdated solutions a barrier. Fifty percent of frontline staff and managers rank legacy technology as a pain point, according to the Exabeam report, compared to just 22 percent of the C-suite. One respondent even expressed a desire to “trash it all and start over instead of milking ancient legacy systems and hardware.”

Many CISOs may not fully appreciate the concrete costs of legacy technology, such as analyst alert fatigue. Forty-seven percent of frontline analysts and managers are concerned with how difficult it is to keep up with alerts, compared to just 35 percent of executives.

Frontline Staff Want Emotional Intelligence

Talent and staffing revealed another divide between the perspectives of top leadership and analysts: Sixty-two percent of frontline staff believe inexperienced talent is a major risk, according to the report, while just 21 percent of executives agree. Twenty-eight percent of all SOC professionals believe their team needs to hire as many as 10 analysts.

When it comes to the specifics of the information security skills gap, respondents want analysts with strong interpersonal skills, not just technical ones. They are seeking hires who exhibit the following soft skills:

  • Teamwork;
  • Communication;
  • Leadership ability; and
  • Personal and social skills.

Interpersonal skills and team chemistry should play a significant role in shaping the staffing trajectory of the enterprise SOC. In times of crisis and change, an analyst’s abilities to adapt and communicate are likely key success factors.

Effective SOCs Invest in Talent and Emerging Technology

While 81 percent of respondents believe their SOC is underfunded, the most effective SOCs allocate their budgets differently than their peers, according to the same research. Financial allocation cannot compensate for a dramatically underfunded security program, but investing in the right areas of operations improves outcomes. Less effective operations centers spend more on facilities and management while struggling to fund technology and talent.

In contrast, the majority of professionals at effective SOCs believe their center is correctly staffed, and those centers are significantly more likely to use more categories of security information and event management (SIEM) technology than their peers. Leading organizations are also more likely to have invested in emerging technology categories.

Effective SOCs are set apart by the depth of their investments in:

  • Identity and access management;
  • Advanced network and cloud monitoring;
  • User behavior analytics;
  • Machine learning and cognitive intelligence;
  • Big data security analytics; and
  • Endpoint detection and response.

Mending and Strengthening the SOC in 2018

It’s time for CISOs and SOC directors to lessen the load on analysts before talent pursues other opportunities. Ninety-one percent of CISOs believe the severity of data breaches and cyber incidents will increase over the next 24 months, according to the Ponemon Institute’s recent “The Evolving Role of CISOs and Their Importance to the Business.” If leaders fail to improve employee satisfaction, analyst attrition itself becomes a security risk for the enterprise.

Unlocking employee engagement requires smarter technologies, intelligent outsourcing and training investments. CISOs and directors should work to understand frontline staff’s perspectives and the impacts of legacy technology. According to IBM research, analysts in the enterprise SOC face 200,000 unique pieces of security event data each day.

When hundreds of thousands of data points are filtered through legacy SIEM solutions, the resulting alerts arrive with little context, and security analysts must review them manually to separate false positives from true threats. Analysts need augmented intelligence that supplies that context so they can quickly distinguish meaningless noise from real risk.

The best security intelligence sources real-time data from a variety of structured and unstructured sources, including threat intelligence feeds, exchanges, security blogs, vulnerability lists and more to rank and categorize event data by actual risk. The most highly effective SOCs will sufficiently allocate both technology and staff to their analysts so they can quickly analyze threats and reduce pain points at all levels of operations.
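As an added illustration of the context-driven triage described above (this is example code written for this page, not code from the article, Exabeam or IBM), the Python script below takes a handful of constructed SIEM alert lines, collapses duplicates, enriches each group with a made-up threat intelligence indicator list and asset inventory, and ranks the groups by a simple risk score. Every host, indicator, weight and alert line in it is an assumption constructed for the example.

```python
"""Alert de-duplication, enrichment and risk ranking (added example).

All inputs are constructed for illustration: the alert lines imitate a
'timestamp key=value ...' format, the IOC list stands in for a threat
intelligence feed, and the asset inventory stands in for a CMDB.
"""
from dataclasses import dataclass, field

# Constructed raw alerts, one line per event, as a legacy SIEM might emit them.
RAW_ALERTS = [
    "2018-07-27T08:01:02Z sig=PortScan src=10.0.0.5 dst=10.0.1.20 sev=low",
    "2018-07-27T08:01:07Z sig=PortScan src=10.0.0.5 dst=10.0.1.21 sev=low",
    "2018-07-27T08:01:09Z sig=PortScan src=10.0.0.5 dst=10.0.1.22 sev=low",
    "2018-07-27T08:02:30Z sig=OutboundDNS src=10.0.2.8 dst=198.51.100.7 sev=medium",
    "2018-07-27T08:03:11Z sig=FailedLogin src=203.0.113.9 dst=10.0.2.8 sev=low",
    "2018-07-27T08:03:12Z sig=FailedLogin src=203.0.113.9 dst=10.0.2.8 sev=low",
    "2018-07-27T08:04:00Z sig=AVHeuristic src=10.0.3.3 dst=10.0.3.3 sev=high",
]

# Constructed threat-intel indicators (assumed feed of known-bad IPs).
IOC_IPS = {
    "198.51.100.7": "known C2 server",
    "203.0.113.9": "credential-stuffing source",
}

# Constructed asset inventory: criticality 1 (lab box) to 5 (crown jewel).
ASSET_CRITICALITY = {"10.0.2.8": 5, "10.0.1.20": 2, "10.0.1.21": 2,
                     "10.0.1.22": 2, "10.0.3.3": 1}

SEVERITY_WEIGHT = {"low": 1, "medium": 3, "high": 5}
IOC_BONUS = 10  # assumed weight for a match against the indicator list


@dataclass
class AlertGroup:
    signature: str
    src: str
    count: int = 0
    sev_weight: int = 1
    targets: set = field(default_factory=set)
    context: list = field(default_factory=list)
    score: int = 0


def parse_alert(line: str) -> dict:
    """Parse 'ts key=value ...' into a dict; malformed lines raise ValueError."""
    ts, *fields = line.split()
    alert = {"ts": ts}
    for f in fields:
        if "=" not in f:
            raise ValueError(f"malformed field {f!r} in {line!r}")
        key, value = f.split("=", 1)
        alert[key] = value
    for required in ("sig", "src", "dst", "sev"):
        if required not in alert:
            raise ValueError(f"missing {required} in {line!r}")
    return alert


def enrich(group: AlertGroup) -> None:
    """Attach asset and indicator context, then compute the risk score."""
    hosts = {group.src} | group.targets
    criticality = max(ASSET_CRITICALITY.get(h, 1) for h in hosts)
    ioc_hits = [(h, IOC_IPS[h]) for h in sorted(hosts) if h in IOC_IPS]
    group.context.append(f"highest asset criticality involved: {criticality}")
    for host, label in ioc_hits:
        group.context.append(f"{host} matches indicator: {label}")
    # Severity is scaled by what is at stake, then boosted by intel hits.
    group.score = group.sev_weight * criticality + IOC_BONUS * len(ioc_hits)


def triage(lines):
    """Collapse duplicate alerts by (signature, source), enrich, and rank."""
    groups = {}
    for line in lines:
        a = parse_alert(line)
        g = groups.setdefault((a["sig"], a["src"]), AlertGroup(a["sig"], a["src"]))
        g.count += 1
        g.targets.add(a["dst"])
        g.sev_weight = max(g.sev_weight, SEVERITY_WEIGHT.get(a["sev"], 1))
    for g in groups.values():
        enrich(g)
    return sorted(groups.values(), key=lambda g: g.score, reverse=True)


if __name__ == "__main__":
    for g in triage(RAW_ALERTS):
        print(f"{g.score:3d} {g.signature:<12} src={g.src:<14} x{g.count} "
              f"targets={len(g.targets)} | " + "; ".join(g.context))
```

Run stand-alone, the script reduces seven raw events to four groups and ranks them by score. The point to notice is that a “low” severity failed login from a known-bad source against a criticality-5 asset outranks a “high” severity antivirus heuristic on a lab box; raw severity alone would have put them the other way round, which is exactly the kind of noise-versus-risk distinction the article says analysts need help making.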
