Dive Brief:
- The return on investment for just over half (51%) of security operation centers (SOCs) is worsening, according to a Ponemon Institute survey of 17,200 IT and IT security practitioners with a SOC. In 2019, only 44% of respondents said their SOC ROI was not improving.
- The majority of respondents (80%) said their SOCs' complexity is growing, and is further damaged by security analyst turnover. On average, three analysts either resign or are terminated in a one-year period. SOCs have an average of 12 IT security practitioners.
- The pandemic sent at least one-third of SOCs home to work in remote environments, according to Ponemon. More than half of SOCs said the move has "significantly" impacted their performance.
Dive Insight:
Before the pandemic, some companies' SOCs were already struggling with operations. With new challenges carried over from 2020, SOCs are making do with what they have.
Ideally, companies should build their own SOC, said Barak Engel, founder and chief geek at EAmmune, while speaking on a virtual SANS Institute fireside chat Monday.
In-house SOCs allow companies to manage their infrastructure, even though outsourced SOCs have more experience in diverse environments, said Engel. Last year, 28% of respondents said their SOC was in-house, down from 32% in 2019. Twenty-nine percent of organizations have a combination of in-house and outsourced SOCs, according to the report.
Hiring and talent retention pose a central hurdle for effective SOCs. Security analysts retain their position for about 26 months, according to the 2020 survey, down from 27.2 months in 2019.
"The kind of people you usually try to hire [for] the SOCs are folks that are very talented. I see this all the time," said Engel. But they may be the wrong type of people to build out a long-lasting SOC.
The motivation of the engineers that companies typically hire for "routine, repeatable, utterly boring mind-numbing tasks" can dwindle. In that time, they might start experimenting, which could lead to a promotion or other departure from the SOC. Even growing salaries — SOC analyst salaries increased from $102,000 to $111,000 between 2019 and 2020 — cannot prevent analysts from leaving. Nearly half of SOC practitioners expect the trend to continue in 2021.
But a primary reason for analyst turnover is burnout, according to Ponemon. Three-quarters of respondents either "agree" or "strongly agree" that their analysts face burnout from "the high-pressure environment."
For finding the right talent, Engel recommends companies "stop looking for smart engineers, and start looking for people with discipline experience, like army veterans." These are the "folks that are used to the idea of repeatable tasks executed the same way every day," he said.