5 reasons why security operations are getting harder and harder

A recent study by ESG found that 52% of security professionals believe security operations are more difficult today than two years ago. Why? Security Operations Center (SOC) teams report issues such as:

  • A rapidly evolving and changing threat landscape: Forty-one percent of security professionals struggle to understand and counter modern threats like ransomware or supply chain attacks, and then integrate that knowledge into a comprehensive security operations program. Most react to threats and Indicators of Compromise (IoCs) rather than studying cyber adversaries and planning ahead.
  • A growing attack surface: This issue was raised by 39% of respondents, but attack surface challenges are no surprise. Further research from ESG indicates that the attack surface is increasing in two-thirds (67%) of organizations, thanks to third-party IT connections, support for remote workers, increased use of the public cloud, and the adoption of SaaS applications. A growing attack surface means more work, vulnerabilities, and blind spots for SOC teams. It’s no wonder, then, that 69% of organizations admit to a cyber incident originating from an unknown, unmanaged, or mismanaged internet asset.
  • The volume and complexity of security alerts: We have all heard of “alert storms” and “alert fatigue”. According to ESG data, these conditions aren’t just marketing hype, as 37% of SOC teams say the volume and complexity of alerts make security operations more difficult. This one is easy to understand: Imagine viewing, sorting, prioritizing and investigating a constant barrage of amorphous security alerts from a variety of different detection tools and you’ll get the picture. It sounds overwhelming, but it is the reality for Level 1 SOC analysts in many organizations.
  • Using the public cloud: Beyond simply expanding the attack surface, more than a third (34%) say security operations are more difficult as a direct result of increasing public cloud usage. It’s not just a numbers game. Securing cloud workloads is challenging due to multi-cloud deployment, ephemeral cloud instances, and developers’ use of new cloud services that security teams may be unfamiliar with. Keeping up with the evolution of the cloud and the associated whims of software developers is now part of the job.
  • The care and feeding of security technologies: More than half (54%) of organizations use more than 26 different commercial, homegrown, or open source tools for security operations. Managing and maintaining all of these disparate technologies is a heavy burden, which is one reason many companies are replacing on-premises security tools with cloud-based alternatives.

Growing scale complicates security operations

Analyzing this data, it’s easy to see a common theme running through these different responses: scale. Everything grows – threats, IT, alerts, tools, everything. The research illustrates that we don’t have the people, processes, or technologies to meet these scaling needs.

Given these overlapping trends, one of the foundations of a modern SOC must be unprecedented scale. Obviously, this means technical scale – the ability to collect, process, analyze and store huge amounts of data – but the research highlights an urgent need to scale people and processes as well. SOC modernization should be designed to make the SOC team more productive so they can increase the amount of work they can do. Scaling people means smarter technology, better training, and structured repeatable processes. SOC modernization should also include process reengineering so that SOC teams can fix broken processes and automate as much work as possible.

CISOs understand these issues and have already earmarked funds to address them – 88% of organizations plan to increase spending on security operations over the next 12-18 months. Onward and upward towards SOC modernization and unparalleled scale.

Copyright © 2022 IDG Communications, Inc.