Security teams overconfident about detecting cyberthreats

A new report shows that 82 percent of security operations centers are confident in their ability to detect cyberthreats.

This is despite just 22 percent of front line workers tracking mean time to detection (MTTD), which helps determine hacker dwell time, and 40 percent of organizations still struggling with SOC staff shortages and finding qualified people.

The study from Exabeam surveyed 295 respondents across the US, UK, Canada, Germany and Australia to determine how analysts and SOC management view key aspects of their operations.

Among the findings are that small- and medium-sized teams especially are more concerned with downtime or business outage (50 percent) than threat hunting as an operational metric, yet threat hunting stands out as a must-have skill (61 percent).

Other findings include that SOC outsourcing in the US has declined from 36 percent to 28 percent year-on-year, while UK outsourcing had an increase from 36 percent to 47 percent. Germany reports 47 percent outsourcing, primarily of threat intelligence services.

It also shows that Australian SOCs struggle in most categories and need improvement in technology updates, monitoring events and responding to/analyzing incidents.

"From 2018-2019, we learned that dwell time -- or, the time between when a compromise first occurs and when it is first detected -- has grown. Based on this, it is surprising for SOCs to report such inflated confidence in detecting cyberthreats," says Steve Moore, chief security strategist at Exabeam. "We see great progress in the SOC with attention paid to employee well-being, measures for better communication and more. However, disparate perceptions of the SOC's effectiveness could be dangerously interpreted by the C-suite as assurances that the company is well-protected and secure, when it's not."

The full 2020 State of the SOC Report is available from the Exabeam site.

Image credit: wavebreakmedia/depositphotos.com