Respond Software and Ponemon Institute Find Half of SOCs Ineffective
Respondents Surveyed Report Widespread SOC Dissatisfaction,
Despite Significant Investment
MOUNTAIN VIEW, Calif. – Jan. 22, 2020 – Respond Software, innovators in Robotic Decision Automation (RDA) for security operations, and Ponemon Institute today released the findings of a new survey on the cost and effectiveness of today’s Security Operations Center (SOC). The full report is available for download at http://bit.ly/3avuTpC.
The SOC is critical to working and performing in today’s digitized economy as a greater share of business operations and sensitive data is brought online, with 73% of respondents viewing their SOCs as crucial elements of their cybersecurity strategies. The cost that organizations spend on their SOCs reflects this importance, as our research revealed that organizations spend on average $2.86 million annually on their in-house SOCs. Significantly, the cost balloons to $4.44 million annually if organizations outsource to a managed security service provider (MSSP), neutralizing any cost savings from outsourcing.
Despite this substantial investment, almost half (49%) are dissatisfied with the effectiveness of their SOC in detecting attacks. Of those who turned to a managed security service provider (MSSP), 58% rated their MSSP as ineffective. Part of this dissatisfaction stems from the high cost of MSSPs; often twice the cost of staffing and managing a SOC in-house. A majority of these respondents (63%) are looking for a way out, including reviewing new vendors or bringing the SOC function in-house.
Unfortunately, the research also uncovered challenges with running an in-house SOC as well. Those organizations that run their SOCs internally struggle with significant staff burnout and turnover. 70% of respondents agreed that their SOC analysts burn out quickly because of the high-pressure environment and workload, with information overload and chasing too many alerts as the main stressors.
The data indicates that a new way of looking at SOC management is overdue. The Respond Analyst delivers insights that replicate and automate the decision-making of a highly experienced human SOC analyst. Cost-effective, scalable and SIEM-agnostic, the Respond Analyst sidesteps the challenges identified by the report and enables organizations to spot, isolate and mitigate threats at machine scale without sacrificing cost or performance.
Mike Armistead, CEO and co-founder of Respond Software, said: “Security Operations Centers are critical to a successful security program, and organizations invest heavily in the people, process and technology to support them. But as this survey demonstrates, what they’re doing now isn’t as effective as it should be, and that means we have to change the way we’re thinking about the problems we’re trying to solve. We design our products to automate human monitoring and decision making to increase visibility and analyst team capacity so that cybersecurity becomes more scalable.”
Larry Ponemon, chairmain and founder, Ponemon Institute, said:“This study highlighted many of the challenges and perceptions regarding company SOCs, including the substantial impact and cost of personnel for in-house SOCs. Many organizations thus turn to outsourcing, but 58% find their MSSPs to be either ineffective or only moderately effective. This creates a conundrum that suggests a third-way solution is necessary.”
About the survey
Ponemon Institute surveyed 637 IT and IT security practitioners in organizations that have a SOC and are knowledgeable about cybersecurity practices in their organizations. Respondents supervise or are responsible for a variety of SOC activities. In the context of this research, a SOC is defined as a team of expert individuals and the facility in which they work to prevent, detect, analyze, investigate and respond to cybersecurity incidents.
Join Larry Ponemon, founder and principal of Ponemon Institute, and executives from Respond Software for a two-part webinar series on designing an effective SOC.
About Respond Software
Respond Software delivers near-instant return on investment to organizations in their battle against cyber-crime. As a leader in the emerging class of automated software known as Robotic Decision Automation (RDA), Respond Software is working to address the critical shortage of skilled security analysts impacting security teams of all sizes. Its patented intelligent decision engine uniquely combines human expert judgement with the scale and consistency of software to dramatically increase capacity and improve monitoring and triage capabilities at a fraction of the cost of in-house or outsourced personnel. Respond Software was founded in 2016 by security and software industry veterans and services customers across critical infrastructure sectors such as banking, energy, and retail. https://respond-software.com/