Is The Enterprise Security Operations Center Effective?

Survey: Significant Investment Met With Widespread Dissatisfaction

Add bookmark

Jeff Orr

SOC Effectiveness

A Security Operations Center is a team of expert individuals and the facility in which they work to prevent, detect, analyze, investigate and respond to cyber security incidents.

The SOC is critical to working and performing in today's digitized economy as a greater share of business operations and sensitive data is brought online and into the cloud. A recent study of IT and cyber security professionals that supervise or are responsible for a variety of SOC activities found that 73 percent of respondents viewed their SOCs as crucial elements of their cyber security strategies.

The cost that organizations spend on their SOCs reflect this importance, as the Ponemon Institute research revealed that organizations spend on average nearly $2.9 million annually on their in-house SOCs. Not all organizations have the resources for an in-house security operations team and look to partnerships to reduce costs. However, an organization that outsources its SOC activities to a managed security service provider experienced costs exceeding $4.4 million annually, according to the respondents.

See Related: A Week In The Life Of A CISO: Rizwan Jan, VP & CIO, Henry M. Jackson Foundation

Current SOC Approaches Face Dissatisfaction

“This study highlighted many of the challenges and perceptions regarding company SOCs, including the substantial impact and cost of personnel for in-house SOCs,” said Larry Ponemon, chairman and founder, Ponemon Institute. “Many organizations thus turn to outsourcing, but 58% find their MSSPs to be either ineffective or only moderately effective. This creates a conundrum that suggests a third-way solution is necessary.”

Despite the multi-million dollar investments, 49 percent of security professionals said they are dissatisfied with the effectiveness of their SOC in detecting cyber-attacks. The level of angst increases to 58 percent of respondents who said their MSSP isn’t satisfying their requirements. The higher service costs for an MSSP to staff and manage a SOC can exceed twice the cost for an in-house SOC strategy, which contributes to the higher level of dissatisfaction. The sentiment is leading 63 percent of security teams using an MSSP to consider a different approach, including evaluation of new vendors or bringing the SOC function in-house.

Operating a SOC in-house, however, is not a trouble-free path to security management. Organizations face the same personnel struggles as witnessed in IT security teams, namely staff burnout and turnover. The high-pressure environment and relentless workload for a SOC analyst was cited 70 percent of the time as a stressor for in-house SOC activities. Side effects of the human condition included information overload and incessant alerts contributing to the struggle.

See Related: Top 5 Enterprise Security Threat Detection And Response Challenges

In Search Of A Modern SOC Management Approach

The data indicates that a modern approach to SOC management would be welcomed by enterprise organizations. An opportunity exists to automate highly repetitive and mundane tasks where the human workforce is prone to introduce errors as fatigue sets in. Automation does not replace the human SOC analyst, rather it relies upon a more effective human-in-the-loop approach. This method allows for issues to surface that require higher-value skills in an environment that can scale with the growth of the business.

See Related: The Immediate Impact Of AI In The Security Operations Center