SOC Benchmarking Study – How Does Yours Stack Up?

by Dan Lamorena
Category: Security Operations

What if we told you that nearly half (49%) of IT security practitioners are dissatisfied with the effectiveness of their Security Operations Centers (SOCs) or service providers? If you can relate, you might want to download our 2019 SOC benchmarking report with the Ponemon Institute. For those of you looking to gain efficiencies or increase your ROI with security monitoring and analysis, this is a must-read.

For the report, Ponemon surveyed 637 security practitioners who work in or manage SOCs. The intent of this research is to understand the investments that organizations are putting into building and maintaining Security Operations and highlight the barriers that are preventing teams from being effective.

The digitized business is bringing more data online and into the cloud, and organizations are leveraging SOCs to monitor inbound threats to that data. As a result, the modern SOC is a foundational part of many organizations’ cybersecurity posture today. And the investment that organizations pour into their SOCs reflects that importance. On average, organizations spend $2.86 million annually on their in-house SOCs.

Yet despite this investment, our research uncovered that a majority of organizations found their investments in SOCs to be expensive and not performing as well as they had hoped. Significantly, the cost increases to $4.44 million annually if outsourced to a managed security service provider (MSSP), negating any cost efficiency expectations from outsourcing. Reflecting this frustration, only 51% of organizations represented in this study are satisfied with either the effectiveness of their SOC or their service provider.

As the study reveals, there is a substantial expense in hiring, training and retaining SOC employees, making people one of the largest investment areas for the SOC. Exacerbating this expense is personnel turnover, with most reporting loss of SOC professionals due to burnout and related stressors. Interestingly, while the best-performing SOCs have a greater number of employees and slightly less turnover, they cost significantly more. However, most organizations can’t build out best-of-breed infrastructure or don’t have the resources to do so. In search of a solution, many organizations turn to outsourcing their SOCs to MSSPs, but that’s not a guarantee of success either. The report found that 42% of respondents consider their MSSPs to be ineffective.

If you want to see how you stack up with your peers, click here to read the full report!

It’s time for a new way of looking at SOC management. Security Operations Centers are critical to a successful security program, and as an industry we invest heavily in the people, process and technology to support them (whether in-house or through an MSSP). What the industry is doing now isn’t as effective as it should be, and perhaps not sustainable into the future. That means the industry has to change the way it thinks about the security operations problems it’s trying to solve. 70 percent of respondents agreed that SOC analysts burn out quickly, with the high-pressure environment, information overload and chasing too many alerts as the main drivers. Is throwing more people (or spending 2x to outsource) at the information overload problem the answer?