Steve Moore, Chief Security Strategist at Exabeam, takes a look at some of the key trends revealed in Exabeam’s 2019 State of the SOC Report and discusses the implications they could have on future operations.
Security Operations Centres (SOCs) have played a key role in enterprise security operations for many years, but with the landscape evolving at a faster rate than ever before, some are now struggling to keep up.
An effective SOC relies on a combination of technology, resourcing, strong leadership, the right level of investment, and support from senior management to be successful. Take any one of these away and performance can quickly begin to fall away.
Exabeam conducts an annual, detailed ‘State of the SOC’ survey amongst security professionals with management responsibilities in both the UK and US, in order to understand what the latest challenges and trends are for SOCs and how they hope to address them.
In this article, we will look at some of this year’s main findings and examine how they are affecting the ability of SOCs in both countries to perform to the best of their ability.
Also of interest: How can CISOs be better leaders? – Podcast with Steve Moore
Resourcing still the number one issue for many SOCs
The ongoing global shortage of skilled cyber security staff continues to cause major headaches for many of the respondents in this year’s survey.
In some of the worst cases, as many as 10 additional employees will be required before SOCs can be considered fully staffed. These kinds of shortages will inevitably have an impact on SOC effectiveness, leaving them overstretched and prone to alert fatigue, increasing the likelihood of a successful attack.
Also of interest: “The more you understand people, the better security leader you can be” – Kevin Fielder, CISO, Just Eat
Automation now playing a much bigger role in day-to-day operations
Over the last 12 months, there has been a massive 71 percent increase in the number of frontline SOC analysts now using automation in their day-to-day activity (48 percent in 2019, versus 28 percent in 2018). This is likely a direct result of staff shortages, with organisations looking to use technology to make their employees’ lives easier wherever possible.
It also shows just how important automation is becoming to overall operational efficiency in modern SOCs.
Also of interest: What is EDR and is it failing?
Soft skills becoming increasingly important amongst existing employees
While hard/technical skills continue to be critical to SOC effectiveness, an interesting trend coming out of this year’s report is the growing emphasis being placed on soft skills, particularly social and interpersonal skills.
65 percent of this year’s respondents said these were important, up from 52 percent in 2018, suggesting team harmony and good working relationships are increasingly coming under the microscope. This is backed up by similar growth in the importance of communication skills, up from 68 percent in 2018 to 75 percent in 2019.
Also of interest: Podcast – Can we protect our National Critical Infrastructure from a major cyber-attack?
CIOs and CISOs are more hands on in key areas
Whether it’s the result of pressure from above, or a growing unease about the risks facing their organisation, a large number of CIOs and CISOs are now much more actively involved in certain key areas of SOC activity than they were 12 months ago.
In particular, 86 percent of CISOs are now involved in incident response, compared to just 65 percent in 2018, while 67 percent are also involved in threat hunting now, up from 51 percent in 2018.
Also of interest: Understanding the MITRE ATT&CK Matrix
Many SOCs still feel underfunded, particularly where technology is concerned
Despite the 2019 report showing investment taking place in a variety of key technologies including access management (up 6 percent from 2018) and AI (up 4 percent from 2018) almost 40 percent of respondents still felt that even greater investment is needed.
In line with earlier findings, 34 percent of respondents want to see greater investment in automation, in order to help save time during day-to-day operations. After technology, funding for staffing is the next biggest area, with 35 percent of respondents feeling this is needed to help fill gaps in the team and keep existing members happy.
Also of interest: Redefining security for real-time enterprise in 2019
With cyber security now such a hot topic globally, the role of the SOC has never been under more scrutiny. As a result, many CIOs and CISOs are feeling obliged to get much more involved with particularly sensitive areas including incident response and threat hunting.
While there’s no quick fix to ongoing staff shortages, technology such as automation is now becoming a mainstay of many SOC operations, helping to lighten the load on existing staff and maintain overall efficiency.
Greater emphasis on soft skills also suggests a growing push to ensure harmony amongst team members and prevent avoidable attacks from slipping through the net on account of poor communication.
Finally, there’s still a lingering perception that underfunding in key areas, such as technology and staffing, is holding SOCs back and preventing them from reaching the pinnacle of what they are capable of. All of these findings are just a small proportion of what’s available in the full Exabeam 2019 State of the SOC Report.
To download the full report, please click here.