the Smarter SIEM™ company, released its annual ‘State
of the SOC’ report, identifying shifting roles and responsibilities
as one of the most pressing challenges for security operations center
(SOC) managers. As an example of this shift, C-suite executives are
doing more in incident response and threat hunting, while frontline
employees are completing fewer operational tasks. Similar
to last year, the report also found that SOC staffing remains an
issue, as do processes like reporting and documentation, along with
alert fatigue and false positives.

The survey sought the opinions of IT professionals in the U.S. and U.K.,
with management responsibilities in operations and security. Common
roles targeted were CIO/CISO, SOC manager or frontline employee, such as
threat researchers, security architects, engineers, analysts and risk

Interestingly, only 5 percent of respondents reported seeing 100 percent
of events in the security incident and event management (SIEM) system.
In fact, keeping up with security alerts presented the largest pain
point experienced by SOC personnel (39 percent). The top reason cited
for this pain was the inability of legacy applications to log events.
Without full visibility into events happening throughout the enterprise,
SOC managers are more likely to miss security alerts, resulting in
greater vulnerability to cyberattacks.
“There’s an idiom, ‘what you don’t know can’t hurt you.’ But in the
information security business, that couldn’t be further from the truth.
In fact, it’s what you don’t know – or worse, can’t see – that will
significantly harm your business,” said Steve Moore, chief security
strategist at Exabeam. “From our survey, an example of how this can
manifest is general lack of environmental visibility in the form of too
few logs – you can’t protect what you can’t see. Visibility, event
context and automation play a key role in building relevant defense, so
you can have a fighting chance against even the most sophisticated

A third of respondents feel their SOC is understaffed by as many as

The importance of soft skills, like communication, is growing, with 65
percent of respondents saying personal and social skills play a
critical role in the success of a SOC, but employees’ actual abilities
in these areas are also improving

Hard skills have increased in importance; threat hunting is up 7
points to 69 percent, while data loss prevention jumped 8 points to 75

For perception of effectiveness, the struggle is real
SOC effectiveness remained unchanged year over year, with U.S. SOCs having
significantly more ability to monitor and review events (71 percent)
than their U.K. counterparts (54 percent). And smaller SOCs with fewer
than 24 members reported an increase in effectiveness at ‘responding to
incidents’ (79 percent). However, a gap has emerged (54 percent) in the
perception of the SOC’s ability to perform auto-remediation. This is a
14 percent decrease from 2018, and likely due to SOC personnel’s lack of
understanding of the full security picture. Other pain points for them

Reporting/documentation (33 percent), false positives (27 percent) and
alert fatigue (24 percent)

A disparity between CISOs and SOC analysts on the importance of incident
response (52 percent of CISOs versus 24 percent of analysts) and of
incidents escalated (46 percent versus 33 percent)

Budget constraints on newer technology

Nearly 50 percent of understaffed SOCs indicated they don’t have
sufficient funding for technology, while respondents from larger SOCs said
that despite recent or increased funding for technology, they recommend
continued investment in newer, more modern technologies (39 percent).
The survey also revealed that nearly half of SOC respondents continue to
outsource business activities; malware analysis, threat analysis and
threat intelligence are the most frequently outsourced functions.
Conversely, SOCs are choosing to tackle event and data monitoring

When technology investments are made, big data analytics (39 percent)
and user and entity behavior analytics (UEBA) (22 percent) remained
strong, while artificial intelligence (23 percent) and machine learning
(21 percent) made gains in usage rates. In medium and smaller SOCs,
usage of technologies like artificial intelligence and biometric
authentication and access management also jumped.

To download the full report, visit https://www.exabeam.com/library/2019-exabeam-state-of-the-soc-report/.
Exabeam is the Smarter SIEM™ company. We empower enterprises to detect,
investigate and respond to cyberattacks more efficiently so their
security operations and insider threat teams can work smarter. Security
organizations no longer have to live with excessive logging fees, missed
distributed attacks and unknown threats, or manual investigations and
remediation. With the Exabeam Security Management Platform, analysts can
collect unlimited log data, use behavioral analytics to detect attacks,
and automate incident response, whether on-premises or in the cloud.
Exabeam Smart Timelines, sequences of user and device behavior created
using machine learning, further reduce the time and specialization
required to detect attacker tactics, techniques and procedures. For more
information, visit https://www.exabeam.com.

Exabeam, Smarter SIEM, Smart Timelines and Security Management
Platform are trademarks or registered trademarks of Exabeam, Inc. in the
United States and other countries. All other brand names, product names,
or trademarks belong to their respective owners. © 2019 Exabeam, Inc.
All rights reserved.