65 percent of cybersecurity analysts say they've considered quitting
Working in a security operations center is stressful, so much so that 65 percent of analysts report having considered changing careers or quitting their jobs.
This is among the findings of a new study carried out by the Ponemon Institute for data analytics platform Devo Technology, which also finds that 49 percent say their SOC is not fully aligned with business needs.
The top barrier to SOC success, according to 65 percent of respondents, is the lack of visibility into the IT security infrastructure, and the top reason for SOC ineffectiveness, according to 69 percent, is a lack of visibility into network traffic.
Threat hunting teams have a difficult time identifying threats because they have too many IOCs (Indicators of Compromise) to track, too much internal traffic to compare against IOCs, a lack of internal resources and expertise, and too many false positives. More than half of respondents (53 percent) rate their SOC's ability to gather evidence, investigate and find the source of threats as ineffective. The primary reasons are limited visibility into the network traffic, lack of timely remediation, complexity and too many false positives.
In addition, SOCs don't have high interoperability with their organization's security intelligence tools. Other challenges are the inability to have incident response services that can be deployed quickly and that include attack mitigation and forensic investigation services.
"The survey findings clearly highlight that a lack of visibility and having to perform repetitive tasks are major contributors to analyst burnout and overall SOC ineffectiveness," says Julian Waits, general manager of cyber at Devo. "It is critical that businesses make the SOC a priority and evolve its effectiveness by empowering analysts to focus on high-impact threats and improving the speed and accuracy of triage, investigation, and response."