Amid mounting pressures on SOCs, automation is the key to stronger security and ROI

March 5, 2021
The job of a cybersecurity analyst or threat-hunter working in a security operations center (SOC) has perhaps never been more difficult. Threats to organizations across all industries are increasing in both frequency and complexity. Sophisticated threats such as malware embedded in the supply chain, ransomware and attacks on our nation’s critical infrastructure are all becoming more common. The average enterprise SOC handles 10,000 security alerts or more every day and the World Economic Forum recently identified cyberattacks as one of the greatest threats to businesses worldwide – ranking it above interstate conflict, the spread of infectious diseases and other serious threats in terms of risk. With these mounting pressures, perhaps it’s no wonder that security analysts working in SOCs are reporting higher levels of stress in their roles than ever before.

Further complicating life for SOC analysts is the fact that, though their role is viewed as important within their organizations, the perceived return on investment (ROI) that enterprise executives feel they are getting from their SOCs is decreasing. A recent survey of almost 700 IT security practitioners conducted by the Ponemon Institute revealed that 80 percent of respondents say their SOCs are considered “essential” or “very important” to maintaining a strong security posture. Yet at the same time, more than half (51 percent) say the ROI of the SOC is getting worse, not better. For security teams to stay ahead of increasingly complicated cybersecurity threats and also prove the value of the SOC to the C-Suite, they should look to increase investments in security automation technologies and in-house expertise.

As Cost and Complexity Increase, Satisfaction with the SOC Has Decreased

The greatest driver behind the perceived drop in ROI appears to be the rising costs and complexities associated with managing a SOC today. More than 80 percent of respondents in the Ponemon survey stated that their SOC’s complexity is “very high.” Contributing to the complexities of managing a SOC are not only the tremendous volume of alerts and sophisticated threats but also the challenge of finding and keeping capable analysts in an industry that is facing a skills shortage of more than 4 million people. Enterprise SOCs are struggling to keep pace with a high rate of security analyst turnover, and it is driving their operational costs up. Despite expecting to hire an average of five analysts in 2021, respondents reported that an average of three analysts resign or are fired from their teams each year. The high turnover is likely due to the stress of the workload and the relentless pace of combatting never-ending threats. An alarming 85 percent of respondents described working in their SOC as either “painful” or “very painful” – a significant increase over the 72 percent that described it that way the previous year. The vast majority cited increasing workloads as the primary cause of their pain and path to burnout.

In an effort to reduce turnover and improve performance, organizations have been pouring money into their SOCs, increasing their security analysts’ salaries and allocating more budget towards managed security service providers (MSSPs) to provide additional security monitoring. The average salary for a security analyst increased nine percent last year, and many respondents reported that they expect their salaries will increase again this year. Even more significantly, the amount that organizations are paying their MSSPs for security monitoring increased a full 20 percent year-over-year. This large increase in annual operational costs is surely contributing to executives’ perceptions that they are not getting the ROI that they expect out of their SOCs for the amount of money being spent.

Increasing security analysts’ salaries is undoubtedly a good thing in order to attract top talent in a highly competitive market and fairly compensate them for performing a stressful job. However, it is only part of the equation. If organizations want to both reduce the complexity and operational costs of their SOCs while also improving the job satisfaction for their cybersecurity analysts, they should look to increase investments in automation technologies.

Modern technology solutions leveraging artificial intelligence (AI) and machine learning, such as security orchestration, automation and response (SOAR) and extended detection and response (XDR) technologies, help reduce operational costs and improve SOC performance by creating greater efficiencies across an organization. These tools and technologies give SOC analysts greater visibility by integrating and unifying all control points, security data, analytics and operations in one platform. By bringing multiple telemetries such as endpoint, network, web filters and cloud sensors into one centralized view, security automation technologies accelerate threat detection and response. At the same time, they can triage alerts and automate mundane tasks that analysts would normally perform daily, thereby reducing workload and improving analyst morale. Vendor-agnostic XDR solutions can integrate with leading SOAR platforms and apply analytics across a broad range of disparate cybersecurity technologies and telemetries to detect incidents quickly, determine risk level and automate a response – all of which reduces an attacker’s dwell time in the organization’s systems.
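To make the triage and correlation idea above concrete, here is a small illustrative pipeline added for this article (not code from Mandiant or any XDR/SOAR product): it normalizes alerts from endpoint, network, web filter and cloud sources into one schema, correlates them per host or identity, scores risk higher when independent telemetries agree, and maps the score to a playbook decision. All hostnames, rule names and the sample alerts are constructed.

```python
"""Toy XDR-style triage: normalize alerts from several telemetry sources,
correlate them per entity, score risk, and decide an automated action."""
from collections import defaultdict

# Constructed sample alerts, each in its source's own format (not real data).
RAW_ALERTS = [
    {"src": "endpoint", "hostname": "ws-017", "sev": "high", "rule": "suspicious_powershell"},
    {"src": "network", "dst_host": "ws-017", "score": 60, "sig": "beacon_pattern"},
    {"src": "webfilter", "client": "ws-017", "category": "newly_registered_domain"},
    {"src": "endpoint", "hostname": "ws-042", "sev": "low", "rule": "usb_inserted"},
    {"src": "cloud", "principal": "svc-backup", "risk": "medium", "event": "console_login_no_mfa"},
]

SEVERITY_WEIGHT = {"low": 1, "medium": 3, "high": 6}

def normalize(alert):
    """Map each source's schema onto one common (entity, source, weight, title) record."""
    src = alert["src"]
    if src == "endpoint":
        return {"entity": alert["hostname"], "source": src,
                "weight": SEVERITY_WEIGHT[alert["sev"]], "title": alert["rule"]}
    if src == "network":  # network sensor scores 0-100; bucket onto the same weight scale
        w = 6 if alert["score"] >= 70 else 3 if alert["score"] >= 40 else 1
        return {"entity": alert["dst_host"], "source": src, "weight": w, "title": alert["sig"]}
    if src == "webfilter":  # a category hit on its own is a weak signal
        return {"entity": alert["client"], "source": src, "weight": 1, "title": alert["category"]}
    if src == "cloud":
        return {"entity": alert["principal"], "source": src,
                "weight": SEVERITY_WEIGHT[alert["risk"]], "title": alert["event"]}
    raise ValueError(f"unknown telemetry source: {src}")

def correlate(alerts):
    """Group normalized alerts per entity and compute a risk score. Agreement across
    independent telemetries multiplies the score, so three weak signals on one host
    outrank one isolated strong signal elsewhere."""
    groups = defaultdict(list)
    for a in map(normalize, alerts):
        groups[a["entity"]].append(a)
    incidents = {}
    for entity, items in groups.items():
        sources = {i["source"] for i in items}
        score = sum(i["weight"] for i in items) * len(sources)
        incidents[entity] = {"score": score, "sources": sorted(sources),
                             "titles": [i["title"] for i in items]}
    return incidents

def triage(incident):
    """Playbook decision: auto-close noise, queue for an analyst, or run the
    containment playbook and page an analyst for corroborated high-risk activity."""
    if incident["score"] >= 20 and len(incident["sources"]) >= 2:
        return "contain_and_escalate"
    return "analyst_queue" if incident["score"] >= 3 else "auto_close"
```

In the constructed sample, ws-017 is seen by three telemetries and lands in the containment playbook, the lone low-severity USB alert on ws-042 is auto-closed, and the cloud login goes to the analyst queue; the thresholds are illustrative and would be tuned against a SOC's own false-positive history.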

Without a doubt, organizations across all industries today recognize the growing risk that cybersecurity threats pose. They also understand the important role that their SOCs – and the professionals who staff them – play in keeping these threats at bay. However, the rising costs and complexity associated with operating SOCs are slowly eroding their perceived ROI and effectiveness. Cybersecurity professionals who want to continue to prove the value of their SOC while also strengthening their organizations’ cybersecurity posture should look to automation technologies. These emerging cybersecurity tools help augment and complement existing security solutions and teams, maximizing SOC performance and minimizing costs while reducing analysts’ daily stress – something security analysts and organizations alike can be happy about.

About the author: Chris Triolo is Vice President of Customer Success at Mandiant. Chris’ security expertise includes building world-class professional services organizations as VP of Professional Services at ForeScout and Global VP of Professional Services and Support for HP Software Enterprise Security Products (ESP).
Chris’ depth in security operations and leadership includes a long tenure at Northrop Grumman TASC supporting various Department of Defense and government customers including Air Force Space Command (AFSPC) Space Warfare Center, United States Space Command (USSPACECOM) Computer Network Attack and Defense, Air Force Information Warfare Center (AFIWC), and others.