SOCs to Turn to Security Automation to Cope with Growing Threats
Increasingly complex threats, staffing shortages, and rising costs are driving investments in security automation
By Chris Triolo, Vice President of Customer Success, FireEye
The cybersecurity landscape is becoming ever more complex as the number and sophistication of threats continue to rise across all channels and industries. Ransomware, phishing, supply chain attacks and other threats have all grown dramatically over the past year. The FBI reported that complaints made to its Internet Crime Complaint Center (IC3) quadrupled in 2020; Interpol recently warned of an alarming spike in cyberattacks aimed at major corporations, government agencies and critical infrastructure. No organization is safe from threats.
These mounting cybersecurity challenges are further complicated by the fact that organizations of all sizes are facing a shortage of skilled security professionals who are now tasked with securing increasingly distributed, cloud-based environments as much of the world works from home due to the COVID-19 pandemic.
In response to these factors, security operations centers (SOCs) play a critical role in helping organizations protect their networks, endpoints and sensitive data from cyber threats. In a recent Ponemon Institute report, produced in partnership with FireEye, which surveyed more than 600 IT security professionals, a full 80 percent said that their SOC is essential or very important to their organization. Yet, despite the growing recognition of the importance of the SOC, organizations are not getting the results they expect.
The report found that 51 percent of respondents believe the return on investment (ROI) of their SOC is getting worse, not better. Increasingly complex security management, high staff turnover and growing operational costs are adding to the perception that SOCs are not delivering enough value. To make their SOCs more efficient and cost-effective, as well as to strengthen their cybersecurity posture, organizations are turning to new technologies like extended detection and response (XDR) to help their SOC analysts gain better visibility across networks, triage incidents and automate remediation.
Key Challenges Facing Today’s SOC
Sudden Shift to Remote Work
The most significant challenges facing SOCs have changed over the last year. The COVID-19 pandemic not only brought increased cybersecurity threats, but also changed the very way that SOCs must operate. As shelter-in-place orders swept the nation and people in many industries began working from home, security professionals were suddenly tasked with securing a newly remote and dispersed environment. More than half of the respondents (51 percent) in the Ponemon survey say the impact on their performance has been significant. Security teams are struggling to secure their remote employees and the access points into the organizational network, especially as high-profile security vulnerabilities have been discovered in popular collaboration platforms that businesses now rely on. As a result, more SOCs are deploying incident response and remediation solutions (45 percent of respondents in 2020 compared to just 39 percent in 2019) in an effort to help their analysts handle threats more efficiently once they have been identified.
High Stress, Job Dissatisfaction
The increasing complexity of the cybersecurity landscape, heavy workloads and the need to be on call around the clock are taking their toll on SOC analysts in the form of stress and dissatisfaction with their work. Seventy-five percent of respondents in the Ponemon survey agreed that the high-stress environment of the SOC is causing analysts to burn out quickly. With the global cybersecurity industry already facing a shortage of 4 million trained workers, organizations cannot afford to lose their skilled security professionals. Many are trying hard to keep their SOC analysts by raising salaries. The average salary has increased over the last year from $102,000 to $111,000, and nearly half (46 percent) of respondents say they expect salaries to increase again in 2021. Yet only 38 percent of the surveyed IT security professionals believe they will still be able to hire the talent needed for their SOCs in 2021.
Increasing Operational Costs
Perhaps the most important factor contributing to the perception that SOCs are not delivering sufficient ROI is ever-rising operational costs. Organizations surveyed are spending an average of $2.7 million per year on security engineering. However, only 51 percent rate their security engineering efforts as effective or very effective. Meanwhile, the average cost of paying a managed security service provider (MSSP) to monitor their security through a SOC also increased to $5.3 million in 2020, compared to $4.4 million just a year prior. With a 20 percent year-over-year increase in this operational cost alone, it is no wonder organizations are looking for ways to gain efficiencies.
Improving SOC Performance Through Automation
To address these challenges and gain more value from their SOCs, organizations are increasing investments in emerging security automation tools like extended detection and response (XDR). These solutions can provide SOC analysts with greater visibility across their endpoints and networks for improved threat detection, while also helping triage alerts and automating the response and remediation process. By reducing alert overload and eliminating some of the manual, mundane tasks, these technologies can help reduce security engineering costs, boost SOC performance and take some of the workload off overburdened analysts.
The cybersecurity landscape is rapidly evolving and threats will only continue to rise. Even after the COVID-19 pandemic is behind us, many organizations will continue to operate with a more remote and dispersed workforce that is increasingly reliant on cloud technologies. The SOC will continue to be critically important in this new reality to help protect organizations from threats. Through investments in security automation technologies, organizations can improve the performance and ROI of their SOCs while helping keep their analysts happy and loyal.
About the Author
Chris Triolo is the Vice President of Customer Success at FireEye. Chris' security expertise includes building world-class professional services organizations as VP of Professional Services at ForeScout and Global VP of Professional Services and Support for HP Software Enterprise Security Products (ESP). Chris' depth in security operations and leadership includes a long tenure at Northrop Grumman TASC supporting various Department of Defense and government customers, including Air Force Space Command (AFSPC) Space Warfare Center, United States Space Command (USSPACECOM) Computer Network Attack and Defense, Air Force Information Warfare Center (AFIWC), and others.
Chris can be reached online at our company website https://www.fireeye.com/.