FireEye, a global security company, has published its second annual research report on “Security Operations Center (SOC) Operation: The Real Cost for Effective Results,” in collaboration with the Ponemon Institute.
According to the report, organizations are paying more to address a wide range of SOC issues, with increasing security management complexity, analyst salaries, and security engineering and management outsourcing costs, but still not getting satisfactory results. As a result, several companies are increasing investments in new SOC tools such as Extended Detection and Response (XDR) and security automation.
As management complexity increases and security engineering and management outsourcing costs increase, SOC return on investment (ROI) is decreasing. More than half (51%) of respondents surveyed said that their ROI on SOC is declining. This is a 7% increase from 44% in 2019. In addition, over 80% of respondents rated the SOC in use as very complex, up from the 2019 survey response (74%).
Outsourcing costs are increasing. The cost of paying a Managed Security Services Provider (MSSP) for security monitoring is also increasing, which appears to have an impact on ROI. The average annual cost of outsourcing by the organizations surveyed was $5.37,250, which was higher than $4,451,500 in 2019. This translates to an annual increase of about 20%.
Organizations surveyed spend an average of $2716,514 annually on security engineering. However, security engineering, which only 51% of respondents use, is effective or very effective.
Security analyst salaries have risen, but there are still challenges in increasing employee motivation and morale. It turns out that security analysts are struggling with long working hours and tricky tasks. 85% of survey respondents said that working at SOC is difficult or very difficult. This is a 13% increase from 72% in 2019. The increase in workload and the need to wait all the time makes security analysts exhausting, and the percentage of respondents that these factors cause burnouts increased from 70% in 2019 to 75%.
SOC is not keeping up with security analyst turnover. The organizations surveyed plan to hire an average of five analysts in 2021, and they predicted that three analysts would be retired or fired within one year. Security analyst salaries rose from an average of $102,000 in 2019 to an average of $111,000 in 2020, so organizations are paying more than before, but only 38% of respondents believe they can employ the right talent.
Research shows that investment in new XDR and security automation tools is increasing. This shows the potential to reduce security engineering costs and increase SOC performance and employee morale.
Organizations are investing in XDR as a new field for improving SOC performance. Organizations surveyed averaged $33,150 for XDR, $345,000 for security orchestration, automation and response (SOAR), and $285,000 for managed threat detection and response (MDR). For security information event management (SIEM), it budgeted $183,150.
Despite perceived low ROI, respondents indicated that SOC is very important to maintaining a strong security posture. The percentage of respondents saying that SOC is essential or very important has increased from 73% last year to 80% this year. The most important SOC activities included minimizing false positive reporting (88%), securing agile DevOps capabilities (85%), and automating machine learning tools (80%).
FireEye CS (Customer Success) vice president Chris Triolo said, “From the Ponemon report, we can see that the organization is struggling with the rising cost of security operations. However, despite increasing investment costs, it is increasing day by day. “We are still unsatisfied with our cyber threat response capabilities,” he said. “The security team is now implementing new technologies that can increase the efficiency of analysts by reducing the overload in handling issued alerts and eliminating simple tasks while providing better efficiency and visibility. I’m looking for it.”
Reporter Hyangseon Lee [email protected]
Source: 전체 – 넥스트데일리 by www.nextdaily.co.kr.
*The article has been translated based on the content of 전체 – 넥스트데일리 by www.nextdaily.co.kr. If there is any problem regarding the content, copyright, please leave a report below the article. We will try to process as quickly as possible to protect the rights of the author. Thank you very much!
*We just want readers to access information more quickly and easily with other multilingual content, instead of information only available in a certain language.
*We always respect the copyright of the content of the author and always include the original link of the source article.If the author disagrees, just leave the report below the article, the article will be edited or deleted at the request of the author. Thanks very much! Best regards!