ICIT Virtual Briefing: Optimizing SOC Operations
Updated: Feb 11
Security operations centers (SOCs) are the backbone of the cybersecurity industry, providing defense, mitigation, and incident response against risks and attacks. However, SOCs are often criticized as ineffective, and one of the most frequently asked questions about SOC performance is “how to measure SOC effectiveness?” While mean time to resolution (MTTR) is the standard measure of effectiveness, this high-level measurement does not address the underlying optimization and performance improvement opportunities. SOC teams cite lack of visibility into attack surfaces, analyst burnout and turnover, and lack of budget for technology enhancements as the rationale for low performance.
Effective SOC performance is a critical factor for cybersecurity success in a rapidly evolving threat landscape. In this session, an expert panel will discuss recommendations to improve SOC performance, covering automation, machine learning, strategic alignment, and analyst burnout. Invite your SOC managers and analysts to join us as we explore opportunities to optimize SOC performance.
Session Outcomes:
1. Identify critical drivers for SOC performance (beyond MTTR)
2. Recognize the value of strategic alignment in SOC operations
3. Differentiate between high and low performing SOCs
4. Understand the barriers to optimal performance
5. Discuss recommendations and enhancements to SOC support performance
ICIT Panelists include:
• Colonel Joshua Rockhill, Commander 688th Cyberspace Wing, USAF
• Jennifer Saunders, Branch Chief, Computer Security Incident Response Center (CSIRC)
• Dan LaGraffe, Deputy CISO, US DOE
• Gunter Ollmann, CSO, Devo
• Moderator: Joyce Hunter, Executive Director, ICITP
Post-Briefing ICIT Certified Content: 2021 Devo SOC Performance Report™: SOC Leaders and Staff Not Aligned
ICIT Certified Content: The 2021 Devo SOC Performance Report™ shows that security operations centers - and those who work in them - continue to have a number of challenges to overcome. Based on an independent survey of global cybersecurity professionals, our third annual report examines current trends for those who lead and work in SOCs. While there are some indicators of slight improvement, it’s clear that for too many people, working in the SOC remains painful. The 2020 survey results told a tale of two SOCs — high and low performers. High performers are those with the funding, tools and staff to accomplish most of their cybersecurity goals. Low performers are those SOCs lacking in some or all of the foundational elements required for success, which is why they struggle in the face of myriad challenges. This year’s report provides fresh insights about what separates high- and low-performing SOCs.
The 2021 report also presents a new perspective on the challenges facing SOCs and those who work there by focusing on survey responses from SOC leaders and the staff members who work for them. The results from the two groups often diverge widely, which points to the vastly different perspectives of analysts and leaders about how well SOCs are accomplishing their goals. There are more differences than areas of agreement about what makes a SOC successful, especially in its ability to gather evidence, investigate and identify the source of threats.
The report is based on the results of a comprehensive, independent survey Devo commissioned and Ponemon Institute conducted in September 2021 of more than 1,000 global cybersecurity professionals.
The survey generated insightful responses about key challenges affecting SOC operations, including:
• The continuing gap between high-performing and low-performing SOCs
• The ongoing pain driving SOC analysts to consider quitting their jobs
• The disconnect between SOC leaders and staff
In general, the year-over-year findings of SOC performance remain largely consistent. Some areas show slight improvement while others indicate problems have worsened. Overall, the results plateaued in 2021, which shines a spotlight on the challenges for organizations’ cybersecurity programs and the job satisfaction and mental well-being of SOC analysts.