Firms lack faith in information security operations centers
While the security operations center (SOC) is considered an important component of business, many organizations rate their SOC’s effectiveness as low, according to a new report from Ponemon Institute and data analytics platform provider Devo Technology.
For the research, Ponemon Institute surveyed 554 IT and security practitioners worldwide in organizations that have a SOC, and found that 49 percent of the respondents said their organization’s SOC is not fully aligned with business needs. Problems such as a lack of visibility into the network and IT infrastructure, lack of confidence in the ability to find threats, and workplace stress on the SOC team are diminishing its effectiveness.
In addition, security professionals said working in the SOC is a challenge, leading 65 percent to report having considered changing careers or quitting their jobs. As a result of these factors, 78 percent of respondents said the mean time to resolution (MTTR) can be weeks to months or even years.
The top barrier to SOC success, according to 65 percent of respondents, is a lack of visibility into the effectiveness of the IT security infrastructure. More than half of the respondents (53 percent) rate their SOC’s ability to gather evidence, investigate, and find the source of threats as ineffective. The primary reasons are limited visibility into network traffic, lack of timely remediation, complexity, and too many false positives.