Staffing remains an issue for security operations centers (SOCs), which continue to struggle with reporting and documentation while barely being able to stay afloat in a sea of alerts and false positives, according to the annual State of the SOC report from Exabeam.
The report found approximately one-third of respondents said that their SOC was understaffed by 6–10 people. “Nearly 50% of understaffed SOCs indicated they don’t have sufficient funding for technology, while respondents of larger SOCs said that despite recent or increased funding for technology, they recommend continued investment in newer, more modern technologies (39%),” the press release said.
In addition, shifting roles and responsibilities is a top challenge for SOC managers, with C-suite executives taking on the tasks of incident response and threat hunting, while frontline employees are completing fewer operational tasks.
Only 5% of respondents said they see all of the events in the security information and event management (SIEM) system. Not having full visibility into events is a handicap for SOC managers, who reported that a lack of visibility leaves them more likely to miss security alerts. Because legacy applications are unable to log events, 39% of SOC personnel cited security alerts as their largest pain point, one that leaves the organization more vulnerable to cyber-attacks.
“There’s an idiom, ‘what you don’t know can’t hurt you.’ But in the information security business, that couldn’t be further from the truth. In fact, it’s what you don’t know – or worse, can’t see – that will significantly harm your business,” said Steve Moore, chief security strategist at Exabeam. “From our survey, an example of how this can manifest is general lack of environmental visibility in the form of too few logs – you can’t protect what you can’t see. Visibility, event context and automation play a key role in building relevant defense, so you can have a fighting chance against even the most sophisticated adversaries.”
Increasingly, SOC managers are placing greater value on soft skills, like communication, with 65% of respondents saying personal and social skills play a critical role in the success of a SOC. In addition, the report found that hard skills, such as threat hunting and data loss prevention, have also increased in importance.