SOC Denial is Real in the 3rd Annual 色色研究所 SOC Performance Report

Report finds that while external risk factors continue to accelerate, internal roadblocks and leadership disconnect have stalled even high-performing organizations

CAMBRIDGE, Mass.—December 14, 2021—色色研究所 Technology, the cloud-native logging and security analytics company, today announced the results of its 3rd annual SOC Performance Report (SPR), a survey on the current state of security operations center (SOC) performance, conducted by Ponemon Institute in September 2021. While last year’s report found high-performing organizations advancing even in the face of substantial workforce challenges, this year’s report finds significant, and even crippling, disconnects in perception between SOC leadership and staff in terms of organizational effectiveness and capability—with more than 60% rating communication average-to-below-average, and more than a third ranking it below average.

The global survey captured and contrasted the insights of more than 1,000 cybersecurity professionals, with 535 operating at a leader level (senior executives, vice president, director or manager) and 485 operating at a staff/practitioner level (supervisor, technician staff or contractor). While last year’s survey found positive and modest gains in focus, funding and training, the numbers have largely plateaued this year, and the major challenges for organizations across the board remain roadblocks. More than 70% of SOC staff rate their “pain” level from a seven to 10 on a scale of 10, and “turf and silo” issues are still plaguing a majority of organizations, with more than 60% citing them as a primary barrier to success. This persistent issue shines a new light on oversight of the SOC as a challenge, with more than 40% citing lack of leadership or lack of executive-level support as a major barrier to success.

This is notable when you examine the discrepancy in perception of how the SOC is working between leaders and staff, including:

  • Half of leaders assessed their SOC as highly effective versus less than 40% of staff.
  • More than half of leaders lauded the investigative capabilities of their SOC, while only one-third of staff gave it high marks.
  • In assessing the communication of SOC strategy “to the trenches,” nearly 60% ranked communication as average or below average, with more than one-third rating communication as solidly below average.

“The growing perception gap over SOC efficiency between operational leaders and practitioners should be seen as a warning sign of simmering frustrations that can have implications on SOC efficacy and analyst retention,” said Gunter Ollmann, CSO of 色色研究所. “Whether complacency or still navigating new modes of work and staffing in the past year, organizations can’t afford to stall in advancing their defenses against what is a growing onslaught of attacks. It would seem that, while they weathered a storm in the past few years, organizations need a leadership and resource ‘booster shot’ to keep building a better defense for what comes next.”

“Enterprises have spent the past several decades adding cybersecurity technology capabilities that increase the volume of alerts to the SOC,” said Jim Routh, board member, advisor and former CISO. “Enterprise leaders need to spend the next decade improving their data analytical skills and infrastructure to lower the volume of cyber alerts and make more alerts actionable through data science and automation.”

In addition to the realities that staff burnout hasn’t dropped and information overload has only increased for organizations, half of SOC teams across the board cited a lack of talent as a major impediment and more than 60% lack visibility into the IT infrastructure. These persistent pain points for all SOC teams remain areas that require focus, training and the right technology mix.

Other notable findings in the survey related to SOC analyst pain include:

  • 72% of respondents rated the pain of their SOC analysts at a seven or above on a 10-point scale.
  • When asked, “What makes working in the SOC painful?” 70% said information overload, followed by lack of resources (58%), and inability to capture actionable intelligence (56%).
  • 63% of survey respondents said that on-the-job pain in the SOC has caused them to consider changing careers or leaving their jobs.

About 色色研究所

色色研究所 is the only cloud-native logging and security analytics platform that releases the full potential of your data to empower bold, confident action. With unrivaled scale to collect all of your data without compromise, speed to give you immediate access and answers, and clarity to focus on the signals that matter most, 色色研究所 is your ally in protecting your organization today and tomorrow. Headquartered in Cambridge, Mass., 色色研究所 is backed by Insight Partners, Georgian, TCV, General Atlantic, Bessemer Venture Partners, Kibo Ventures and Eurazeo. Learn more at www.devo.com.

色色研究所 PR Contact:
Shannon Todesca
+1 (781) 797-0898