SOC Teams Care Too Much About Detecting Cyberthreats and Not Enough About MTTD

The self-assessed effectiveness of corporate security operations centers (SOCs) seems to be overestimated by the people working in those positions, a new study from Exabeam revealed. 

In a corporate environment, the role of the SOC is well defined. It’s usually performed by highly qualified employees with the sole purpose of ensuring the company’s security. But those people are affected by their bias, just like everyone else, and tend to overestimate their efficiency. 

A new survey from Exabeam that covered 295 respondents across the U.S., the U.K., Canada, Germany and Australia showed that 82% of SOC operators are confident in their ability to detect cyberthreats. 

The main problem is not the SOCs’ ability to detect cyberthreats, but the mean time to detection (MTTD) — more precisely the time between when the network is compromised and the subsequent detection. Only 22% of SOC operators are tracking the MTTD. It’s essential to be able to detect a cyberattack, but it becomes useless if the attacker spends a long time in the infrastructure before being caught. 

“Highlighting the imbalance is that SOC leaders and frontline analysts do not agree on the most common threats facing the organization,” states the Exabeam study. “SOC leaders believe that phishing and supply chain vulnerabilities are more important issues, while analysts see DDoS attacks and ransomware as greater threats.” 

The survey also unveiled some interesting new trends. While 40% of organizations still struggle with SOC staff shortages and finding qualified people, SOC outsourcing in the U.S. has declined 36% to 28% year-over-year, while U.K. outsourcing rose from 36% to 47%. 

The staffing problems seem to be the most prominent issues affecting SOCs, with 23% of personnel across the U.S. and 35% in Canada reporting being understaffed by more than 10 employees. What’s worse, 64% of frontline employees in the SOC reported the lack of a career path as a reason for leaving jobs, and some SOC employees report that companies don’t invest as much as they should in technology and training.

*** This is a Security Bloggers Network syndicated blog from Business Insights In Virtualization and Cloud Security authored by Silviu STAHIE. Read the original post at: