View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

Life in an SOC: Ineffective, Overwhelming, and Causing Burnout, Survey Finds

"The factor that truly stands out is the level of analyst burnout due to their heavy workload, and the immense amount of stress and pressure they are facing"

By CBR Staff Writer

Security Operations Centres (SOCs) are struggling to perform effectively amid low visibility into client IT security infrastructure and network traffic, according to a new report this week that also warns of analyst burnout, slow resolution of security issues and a tidal wave of false positives.

The survey, conducted by the Ponemon Institute for data analytics platform provider Devo Technology, found the majority of respondents rated their SOC’s effectiveness as low, with nearly half (49 percent) saying it is not fully aligned with business needs; an alarming finding for SOC operators.

(An SOC can be run by a third-party, or in-house. They come in a variety of flavours but their services typically include detecting and responding to threats, staying abreast of a rapidly changing threat landscape, identifying negligent, criminal or other dangerous behaviour, and generating business intelligence).

The survey of 554 IT security practitioners in organisations that have a SOC found that over half (53 percent) rated their SOC’s ability to gather evidence, investigate and find the source of threats as ineffective. They blamed limited visibility into network traffic, lack of timely remediation, complexity and too many false positives, along with interoperability issues with their clients’ own security intelligence tools.

Security Operations Centre Troubles: Analyst Burnout a Major Cause for Concern

IT security personnel say working in the SOC is painful because of an increasing workload and being on call 24/7/365. Current threat hunting processes also contribute to the stress of working in the SOC. As a result, 65 percent say these pain factors have caused them to consider changing careers or leaving their job.

“There are a number of factors contributing to the SOC’s overall ineffectiveness – such as the lack of visibility into IT security infrastructure – but the factor that truly stands out is the level of analyst burnout due to their heavy workload, and the immense amount of stress and pressure they are facing,” said Larry Ponemon, founder of Ponemon Institute.

“It is clear this is a critical area that needs to be addressed to improve SOC effectiveness.”

Content from our partners
Unlocking growth through hybrid cloud: 5 key takeaways
How businesses can safeguard themselves on the cyber frontline
How hackers’ tactics are evolving in an increasingly complex landscape

SOC Survey: Other Highlights

Among the other industry trends captured by the report:

  • There’s an almost equal split between where SOC infrastructure is housed: 53 percent said in the cloud; 47 percent said on-premises.
  • The majority of respondents (51 percent) say their companies invest in threat intelligence feeds. Of these organizations, 54 percent of respondents say the threat intelligence feeds combine open source and paid feeds.
  • The exploits most commonly identified by the SOC include high numbers of malicious insiders (68 percent).

Devo recommends automating more workflow and normalising work schedules to avoid burnout, as well as creating improved alignment between the SOC and the business to address silo issues between the SOC and IT security operations.

Do you work in or with an SOC? What’s your biggest headache/barrier to effectiveness? Speak to us on or off the record. 

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.