Security teams overconfident in detecting cyberthreats
June 16, 2020
New research has revealed that security operations centres are not adequately focused on threat dwell time.
An annual report examining the processes and effectiveness of corporate security operations centres (SOCs) has been released by SIEM provider Exabeam. The 2020 State of the SOC Report reveals that 82% of SOCs are confident in their ability to detect cyberthreats, despite just 22% of frontline workers tracking mean time to detection (MTTD), which helps determine hacker dwell time.
This unfounded confidence is made worse by the fact that 40% of organisations still struggle with SOC staff shortages and finding qualified people to fill the cybersecurity skills gap.
Cyber technology trends
Dwell time, the time between when a compromise first occurs and when it is first detected, has grown, according to Steve Moore, chief security strategist at Exabeam. SOCs are paying greater attention to employee well-being and measures for better communication. “However, disparate perceptions of the SOCs’ effectiveness could be dangerously interpreted by the C-suite as assurances that the company is well-protected and secure, when it’s not.”
SOC leaders and frontline analysts do not agree on the most common threats facing organisations. SOC leaders believe that phishing and supply chain vulnerabilities are more important issues, while analysts see DDoS attacks and ransomware as greater threats.
Small and medium-sized teams are more concerned with downtime or business outage (50%) than with threat hunting, and yet the majority of respondents (61%) cited threat hunting as a must-have hard skill. In general, monitoring and analytics, access management and logging are all higher priorities this year. To support this, most SOCs expect to see security orchestration, automation and response (SOAR) tools take precedence over other technologies in upcoming years.
SOCs in the UK and the USA have shown year-on-year improvements in recruiting costs and identifying candidates with the right expertise. Workplace benefits, high wages and a positive culture were this year’s top drivers for retention in nearly 60% of SOCs.
There remain challenges, however. 64% of frontline employees in SOCs reported a lack of career path as a reason for leaving jobs. And many SOCs reported that they lacked the necessary investment in technology, training and staffing to do their jobs well. These are some of the reasons that nearly a quarter of SOCs in the USA (35% across Canada) report being understaffed by more than 10 employees.