The SANS 2023 SOC Report is a useful barometer for the state of Security Operations Centers (SOCs) worldwide. It offers data-driven insights into how SOCs are funded, staffed, measured and equipped, and into the trends shaping the future of security operations.
The SANS Institute's annual SOC Survey is a key source of information for the cybersecurity community. In its seventh iteration, the survey probes more deeply by adding new areas of focus, ranging from operational threat hunting to SOAR and to staff hiring and retention. The willingness of practitioners to complete this exhaustive questionnaire, which takes an average of 59 minutes, reflects the field's commitment to improving and evolving.
Key findings
The report highlights several significant trends shaping the future of cybersecurity operations. Some of the key takeaways from the report include:
Budget navigation
When it comes to budgeting, 42% of respondents report that SOC management provides input that higher-level decision-makers then turn into an allocation. At the other end of the scale, only 13% report that decision-makers give little or no weight to SOC management's recommendations. Notably, SOC budgeting shows minimal correlation with organization sector or size, which invites further exploration. Whatever the governance model, the goal remains a defensible allocation of funds.
Metrics as pillars
Metrics are an integral part of the SOC toolkit: 88.8% of respondents report producing them. Only 11.2% do not, and a significant portion of that group is in the government sector. Satisfaction among those who use SOC metrics is high, with 77% content with what they measure, while the 23% who are dissatisfied warrant deeper exploration.
Calculating SOC value
Calculating the SOC's value remains difficult, and 56.3% of respondents do not attempt it. Among those who do, the majority (84%) report a reduction of 50% or less in incident-handling and incident-impact costs. Another commonly used measure is the reduction in incident detection, resolution and restoration time, which maps directly to lower overall incident cost and so demonstrates the SOC's value.
Staffing dynamics
Staffing remains critical to running a SOC, and the trend is consistent: the most common SOC size is between 11 and 25 staff members (24.8% of respondents). The report examines staffing requirements in detail, underscoring the need for qualified personnel in a field that keeps evolving.
Key challenges
The report also reveals the most significant challenges faced by SOC teams, which include the following:
Growing Concerns About Lack of Context
The survey highlights a growing concern among respondents, 16% of whom cite "lack of context related to what we are seeing" as an obstacle. This concern has risen compared to the previous year, emphasizing how important it is for analysts to understand the context around what their tooling reports. Without that context, effective decision-making and timely response to security incidents are hindered.
The Dilemma of Automation and Orchestration
Another significant challenge is the absence of automation and orchestration in SOC operations. Without automated processes, manual tasks become time-consuming and repetitive, which hampers both efficiency and effectiveness. This finding underscores the importance of automation for streamlining security operations and improving incident response.
Navigating Blind Spots
Organizations also grapple with limited enterprise-wide visibility, which impairs their ability to detect and respond to threats promptly. Without a comprehensive view of the entire IT infrastructure, blind spots emerge that attackers can use to operate undetected. Overcoming this challenge requires deliberate strategies to extend coverage across the organizational landscape.
Shortage of Skilled Staff
A persistent issue in the field of cybersecurity is the shortage of skilled staff. The demand for cybersecurity professionals consistently surpasses the available talent pool, posing a significant challenge for organizations in building and maintaining robust security teams. Addressing this shortage necessitates strategic initiatives to attract, train, and retain qualified cybersecurity personnel.
On a positive note, the survey shows a decline in "lack of management support" as an obstacle. This suggests that funding is becoming available for initiatives that address the context, visibility and automation challenges above. Management support is essential for implementing the necessary changes and improvements in SOC practices.
Implications for security operations
With the report highlighting several critical challenges SOCs face, it is worth considering the implications at both a strategic and an operational level.
First, the need for automation to relieve the burden of complex and repetitive tasks should steer investment toward security platforms that can detect incidents and carry out well-defined response actions without waiting on an analyst.
Enhancing visibility becomes a strategic priority; organizations must invest in tools that provide real-time insight into their IT environments so that risks can be identified and mitigated swiftly.
Furthermore, the shortage of skilled cybersecurity personnel should be treated as a catalyst for developing comprehensive training programs, fostering partnerships with educational institutions, and creating career pathways that attract new talent. This holistic approach to staffing challenges will strengthen the overall resilience of SOCs against an ever-evolving threat landscape.
Finally, the shift in management's perspective toward recognizing the value of strong cybersecurity measures opens the door to wider adoption of innovative security practices and technologies, thereby solidifying the organization's defenses.
Final thoughts
The SANS 2023 SOC Report once more illuminates the shifting paradigms in cybersecurity, affirming that a forward-thinking, proactive approach is vital. Staying informed and adaptable is critical for cybersecurity stakeholders at every level.
In a broader context, cultivating a robust SOC is an ongoing process of refinement and growth – a complex interplay between technology, methodology, and human expertise. As the digital world becomes ever more integral to our lives, so does the need for thorough and proactive cybersecurity measures.
Take action
Trend Micro offers a comprehensive suite of products designed to protect enterprises and their data from the latest threats.
Whether you are looking to enhance your SOC with advanced threat detection capabilities or seeking robust defenses against zero-day exploits, Trend Micro has a solution tailored to your needs. Stay one step ahead of cyber adversaries and discover how Trend Micro can strengthen your organization's cybersecurity posture today.
Join the fight against cyber threats. Equip yourself with the knowledge and tools to secure your digital assets and contribute to a safer cyber world. Visit Trend Micro to learn more and consider becoming part of the solution.