A Million Analysts Won’t Save Your SOC: The Future of Security Operations
It’s no secret that companies across the world face serious challenges when it comes to designing and maintaining their Security Operations Centers (SOC).
With the depth and scope of threats rising with each day, IT budgets directed to security go up concomitantly. Historically, companies have thrown whatever analysts and tools they could at the problem in hopes of staying one step ahead of their attackers. But despite the increase the people and resources, corporations still fall prey to an ever-expanding litany of attacks.Not enough people, too many tools
According to an RSA and ISACA study, 35% of companies were unable to fill needed security positions. According to Forbes, there are currently 1 million open security positions in the US alone and that number is expected to grow exponentially.
In an environment where the security of digital assets is paramount, the lack of people qualified to protect those assets is disturbing and can lead to some serious problems, namely:
- Overburdened analysts: Meritalk found that 68% of security teams are overwhelmed by the amount of data to be processed, and 78% feel that, as a result, they had no opportunity to proactively address threats. Teams reactively run from fire to fire, and burnout levels are high because so much responsibility is placed on the shoulders of very few people. This unnecessary noise creates additional layers of complexity which further obscure the true picture of what’s taking place.
- Unresolved alerts: With tens of thousands of alerts, many of which are false positives, coming in each month from a slew of disparate tools, it’s no wonder that events slip through the cracks. In fact, the high-profile Target breach of 2013 was in part due to an alert that went uninvestigated.
- The work has become overly complex: It takes a person of a certain skill set to be capable of dealing with the high volume of alerts and numerous individual tools and platforms intricately involved with keeping a SOC moving. It’s a nuanced process that poses a challenge to even the most qualified security personnel. And the confusion created by these different point “solutions” causes additional frustration among analysts.
Watch the full webinar below or read the original post here…