© 2019 SourceMedia. All rights reserved.

Firms lack faith in information security operations centers

While the security operations center (SOC) is considered an important component of business, many organizations rate their SOC’s effectiveness as low, according to a new report from Ponemon Institute and data analytics platform provider Devo Technology.

For the research, Ponemon Institute surveyed 554 IT and security practitioners worldwide in organizations that have a SOC, and found that 49 percent of the respondents said their organization’s SOC is not fully aligned with business needs. Problems such as a lack of visibility into the network and IT infrastructure, lack of confidence in the ability to find threats, and workplace stress on the SOC team are diminishing its effectiveness.

In addition, security professionals said working in the SOC is a challenge, leading 65 percent to report having considered changing careers or quitting their jobs. As a result of these factors, 78 percent of respondents said the mean time to resolution (MTTR) can be weeks to months or even years.

The top barrier to SOC success, according to 65 percent of respondents, is a lack of visibility into the effectiveness of the IT security infrastructure. More than half of the respondents (53 percent) rate their SOC’s ability to gather evidence, investigate, and find the source of threats as ineffective. The primary reasons are limited visibility into network traffic, lack of timely remediation, complexity, and too many false positives.
