Organizations with a dedicated security operations center (SOC) know how much it helps in combating cyber threats. 72% of IT security practitioners in organizations with a SOC categorize the unit as “essential” or “very important” to their organization’s cybersecurity strategy. However, 60% of SOC team members are considering changing careers or quitting due to stress.
The importance of a SOC to an enterprise is underscored by the critical nature of its activity. A survey by Ponemon Institute, commissioned by Devo, reveals strong alignment (73%) between cybersecurity efforts and core business objectives in organizations with high-performing SOCs – more than double the effectiveness of their lower-performing brethren. Additionally, the average annual cybersecurity budget for organizations rose by $6 million to $31 million, with the SOC representing more than a third of the total.
Yet barriers facing SOC teams are growing. One in six SOC team members is considering changing careers or leaving their job due to stress, according to the data. Major areas of pain and friction include:
- 70% lack visibility into the IT infrastructure (up from 65%)
- 64% fight turf or silo issues between IT and the SOC (up from 57%)
- 71% need greater automation (up from 67%), especially as they continue to spend substantial manual cycles on tasks such as alert management (47%), evidence gathering (50%), and malware protection and defense (50%)
- Environmental factors are substantially driving pain, including information overload (67%, up from 62%), burnout from increased workloads (75%, up from 73%) and “complexity and chaos” in the SOC (53%, up from 49%)
- Skills shortage remains a perennial issue, reported by more than 50% of respondents, further exacerbating the issue
- People, process and technology are misaligned and inefficient across the board
More than half have no formal training/retention programs but, at the same time, they say the lack of skilled personnel is a major factor in SOC inefficiency. Finally, mean time to response (MTTR) remains high, with 39% saying their average time to resolve an incident is “months or even years.”
Organizations are sitting on too many tools and lack the ability to capture actionable intelligence – two age-old blind spots for security analysts everywhere. Bitdefender Advanced Threat Intelligence collects data from sensors across the globe, correlates hundreds of thousands of Indicators of Compromise and turns the data into actionable, real-time insights, enabling SOCs to bolster security operations with a deep base of real-time knowledge.
Threat Intelligence improves threat hunting and forensic capabilities with contextual, actionable threat indicators, accelerating incident response. With unique insights into Advanced Persistent Threats and Command and Control IP feeds, SOCs can even fend off attacks before they’re launched. Our 800+ researchers and developers take a layered approach using artificial intelligence, deep learning and anomaly-based detection to ensure the accuracy of threat intel feeds.
Our platform-agnostic solution serves Managed Security Service Providers, Managed Detection & Response companies, security consulting firms, as well as enterprises with dedicated SOCs. Learn more at https://www.bitdefender.com/oem/advanced-threat-intelligence.html.