A SOC reality check: Top SecOps team challenges and best practices

Tech Beacon – John P. Mello J
One study, conducted by the Ponemon Institute and released in January, found that only slightly more than half of organizations (51%) were satisfied with the effectiveness of their SOCs in detecting attacks.

Another troubling development is the rising perception that the return on investment from a SOC is getting worse. The Ponemon study found that more than half of organizations (51%) felt that way, compared with 44% in 2019.

The study, based on a survey of 16,841 IT and IT security practitioners whose organizations have a SOC, found that organizations spend an average of $2.86 million annually on their in-house SOC. That cost rises significantly, to $4.44 million, if SOC functions are outsourced to a managed security service provider.

Effectiveness tracks spending, the researchers found: an average of $3.5 million was spent on highly effective SOCs, compared with an average of $1.96 million on SOCs with very low effectiveness.

Here are the top SecOps team challenges, and best practices for dealing with them.

1. Cost of complexity

The Ponemon study found a connection between complexity and SOC effectiveness. Nearly three-quarters of the organizations surveyed (74%) acknowledged difficulty managing their SOCs because of their complexity. “As a result,” the researchers wrote, “only about half of respondents (51%) say their organizations are highly effective in detecting attacks.”

A survey of Fortune 1000 companies released in February by CardinalOps, maker of an AI-powered threat coverage optimization platform, found that many of the rules and policies written for SIEMs are ineffective. For example, researchers found that an average of 25% of SIEM rules are broken and will never fire, primarily because the fields they depend on are not extracted correctly or because the log sources they need are not sending the required data.

In addition, they found that 15% of SIEM rules generate 95% of the tickets handled by a SOC, showing that a small number of noisy rules overwhelm analysts with distracting false-positive alerts. Both problems are detectable from the SIEM's own data: a rule whose required fields never appear in the events from its log source cannot fire, and a ticket log shows which rules account for most of the analyst workload.
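The two checks above, as an added example that is not from the article or from CardinalOps. The rule schema (name, log source, required fields), the event format and the ticket log are constructed simplifications for illustration; real SIEMs have their own rule and field schemas, so the function names and data layout here are assumptions.

```python
"""Audit SIEM detection rules for ones that can never fire and for noisy rules.

Added example; rule/event/ticket formats are hypothetical simplifications and
all sample data below is constructed.
"""
from collections import Counter

# Constructed sample rules: each names the log source it reads from and the
# extracted fields its logic references.
RULES = [
    {"name": "win_bruteforce", "source": "windows_security",
     "fields": {"EventID", "TargetUserName", "IpAddress"}},
    {"name": "linux_sudo_abuse", "source": "linux_auth",
     "fields": {"process", "user", "command"}},
    {"name": "fw_outbound_c2", "source": "firewall",
     "fields": {"dst_ip", "dst_port", "bytes_out"}},
    {"name": "proxy_ua_anomaly", "source": "web_proxy",
     "fields": {"user_agent", "url"}},
]

# Constructed sample of recently ingested events. The "firewall" parser never
# extracts bytes_out, and "web_proxy" has sent nothing in the window.
EVENTS = [
    {"_source": "windows_security", "EventID": 4625,
     "TargetUserName": "svc", "IpAddress": "10.0.0.5"},
    {"_source": "linux_auth", "process": "sudo", "user": "bob",
     "command": "/bin/bash"},
    {"_source": "firewall", "dst_ip": "203.0.113.9", "dst_port": 443},
]

# Constructed ticket log: one entry per ticket, naming the rule that fired.
TICKETS = (["win_bruteforce"] * 95 + ["linux_sudo_abuse"] * 3
           + ["fw_outbound_c2"] * 2)


def broken_rules(rules, events):
    """Return {rule_name: reason} for rules that cannot fire on this data.

    A rule is broken if its source sent no events, or if one of the fields it
    references was never populated in any event from that source.
    """
    seen = {}  # source -> set of field names observed populated
    for ev in events:
        seen.setdefault(ev["_source"], set()).update(
            k for k in ev if k != "_source")
    result = {}
    for r in rules:
        if r["source"] not in seen:
            result[r["name"]] = "no events from source " + r["source"]
            continue
        missing = r["fields"] - seen[r["source"]]
        if missing:
            result[r["name"]] = ("fields never extracted: "
                                 + ", ".join(sorted(missing)))
    return result


def noisy_rules(tickets, rules, share=0.95):
    """Return (rule_names, ticket_fraction, rule_fraction): the smallest set of
    loudest rules that accounts for at least `share` of tickets, the share of
    tickets they cover, and the share of all rules that set represents."""
    counts = Counter(tickets)
    total = len(tickets)
    chosen, covered = [], 0
    for rule, n in counts.most_common():
        chosen.append(rule)
        covered += n
        if covered / total >= share:
            break
    return chosen, covered / total, len(chosen) / len(rules)


if __name__ == "__main__":
    for name, why in broken_rules(RULES, EVENTS).items():
        print(f"BROKEN  {name}: {why}")
    loud, t_frac, r_frac = noisy_rules(TICKETS, RULES)
    print(f"NOISY   {loud}: {r_frac:.0%} of rules -> {t_frac:.0%} of tickets")
```

Run this against an export of rule definitions and a day of parsed events and the broken-rule list is the tuning backlog; the noisy-rule list is where threshold changes or suppression lists pay off first.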

2. Staffing challenges

The average pay for a Tier 1 analyst is $102,315, and it is expected to keep going up. Nearly half of the organizations surveyed by researchers (45%) predicted salaries would jump an average of 29% in 2020. The report said that more than half the costs of running a SOC are labor-related, with the average cost of maintaining a SOC being around $3 million: $1.46 million for labor and $1.4 million for everything else. Skilled analysts are difficult to find, and demand appears to outstrip supply by an order of magnitude. “This has been discussed ad nauseam,” he noted.

3. Build in cyber resiliency

While organizations may be disappointed in the bang they are getting for their SOC bucks, as the Ponemon/Respond study points out, the centers remain important to many organizations' security strategy.

A modern SOC is key. Artificial intelligence and machine learning are replacing purely rules-based detection, and incident response and remediation are built into the workflow with better automation.
Link: https://techbeacon.com/security/soc-reality-check-top-secops-team-challenges-best-practices
