Security operations centers face high levels of staff turnover
New research from managed detection and response company CRITICALSTART finds that security operations center (SOC) analysts are being overwhelmed by alerts and this is leading to high rates of analyst turnover.
In the past year, 80 percent of respondents reported SOC turnover of more than 10 percent of analysts, with nearly half reporting between 10 and 25 percent turnover. 35 percent report losing a quarter or more of their SOC analysts in under a year.
The number of alerts is increasing, with 70 percent of respondents investigating 10 or more alerts each day (up from 45 percent last year) while 78 percent state that it takes 10 minutes or more to investigate each alert (up from 64 percent last year). In addition, false positives remain a struggle, with nearly half of respondents reporting a false-positive rate of 50 percent or higher, almost identical to last year.
Due to the onslaught of alerts, 38 percent of respondents say their SOC either tries to hire more analysts or turns off high-volume alerting features deemed too noisy, both up significantly from last year. The number of respondents who feel their main job responsibility is to analyze and remediate security threats has dropped dramatically from 70 percent down to 41 percent as analysts increasingly believe their role is to reduce alert investigation time or the volume of alerts.
"The research reflects what we are seeing in the industry -- as SOCs get overwhelmed with alerts, they begin to ignore low to medium priority alerts, turn off or tune out noisy security applications, and try to hire more bodies in a futile attempt to keep up," says Rob Davis, CEO at CRITICALSTART. "Combine that stressful work environment with no training and it becomes clear why SOC analyst churn rates are so high, which only results in enterprises being more exposed to risk and security threats."
The study also shows that nearly half of respondents say they get 20 or fewer hours of training per year, a further factor in driving staff turnover.
You can find out more in the full report on the CRITICALSTART site.