SOC workers and bosses can’t see eye-to-eye, says study
Wed 6 Jun 2018
Workers in security operations centres (SOCs) deal with understaffing, work with old tech, and have managers that don’t understand their needs, a new study says.
The State of the SOC report, released by security information and event management (SIEM) firm Exabeam, found that 83% of managers and frontline employees are frustrated with legacy technology, compared to 27% of CIO & CISOs.
It also found that many frontline staff believe their SOC to be understaffed. As well as understaffing, many respondents saw a problem with a lack of experience.
Again, there was a pronounced disparity between the concerns of those at the coalface and those in the boardroom. 62% of those on the frontline saw inexperience as a major pain point, with only 21% of CIOs and CISOs agreeing.
Steve Moore, Exabeam’s chief security strategist, elaborated on these points. “From my experience, most CIOs would not have worked in a SOC. A lot of times, you’ll get an exec who’s never worked in ops, they may have come from a different area of the business. I would say there’s a very low percentage that most CIOs or CISOs will have worked in security,” he told The Stack.
“Furthermore, depending on your age, there may not have been a ‘SOC’, there might have been a firewall console, but not this analytic capability that you’re dealing with today. Or, maybe 10 years ago you had an old SIEM system, you now won’t be using a lot of the old tech that you cut your teeth on.”
SOC it to ’em
Not only that, said Moore, but alert fatigue plays a big role in the life of frontline analysts, compared to a very small or non-existent part of the executive’s.
The way that leaders can help their staff, Moore believes, is by looking at the everyday problems they face. “Without question, we have to get better at looking at the pain points of your day and assessing that,” Moore said. Once you’ve done that, he believes, you can look into meaningful automation.
“How often do you use a phone book? Never. Because if you’re not sure, you look it up and it’s a matter of seconds. The same thing is true in a SOC, and as a leader, a CIO or CISO, you need to have a look and see how many manual processes there, and you need to say; ‘OK, is this normal?’
“Otherwise you’re going to burn up your resources. You know you’re understaffed, you need to say what are you’re going to do to remedy some of that.”
Moore believes that products like Exabeam’s, which offer things like visibility, data lakes, analytics, and automated response, can go some way to solving these problems.
His main takeaway, however, is that it’s about better communication between top and bottom. “A lot of organisations are ignorant to their own pain. So much relies on the SOC, so when there’s a great divide between the opinions and needs of the frontline staff and those of the business leadership, there needs to be a discussion.”