New Studies Paint Bleak Picture of Future SOC Effectiveness

The increasing stress of leading and working in a Security Operations Center (SOC) will lead to a wave of resignations in the next two years, further exacerbating massive challenges to improving SOC effectiveness and efficiency.

A new study released this week by Gartner predicts that by 2025 nearly half of cybersecurity leaders will change jobs and one out of every four will leave cybersecurity entirely.  

“Cybersecurity professionals are facing unsustainable levels of stress,” said Deepti Gopal, Director Analyst, Gartner. “CISOs are on the defense, with the only possible outcomes that they don’t get hacked or they do. The psychological impact of this directly affects decision quality and the performance of cybersecurity leaders and their teams.”

The Gartner study comes just months after the 2022 Devo SOC Performance survey found that 62 percent of SOC analysts have considered walking away from their jobs due to the pressure they feel. Of the most experienced SOC staff, 71 percent are likely to quit due to the stress caused by information overload, burnout, long working hours, inability to prioritize threats, and what they generally described as “complexity and chaos in the SOC.”

“SOC workers’ pain is real. They are frustrated in their work, and even if not ready to do so, many are thinking of quitting,” the Devo report states. “For jobs that play such a critical role in protecting organizations against relentless cyberthreats, that’s the kind of doomsday scenario that is likely keeping SOC leaders, and other executives, up at night.”

The Need For Automation & Better Response Capabilities

SOC leaders and staffers disagree on the best approach to alleviating the stress and strain of working in a SOC. According to the Devo survey, SOC staffers favor a physical and mental well-being approach to addressing pain with 41% selecting “stress management” and “psychological counseling,” making it the top prospective remedy. Just 34% of leaders favor that solution.

SOC leaders took a different tack. Their top choice was a technological one, with 39% recommending the implementation of “advanced analytics/machine learning.” That choice was favored by 35% of SOC staff.

Introducing advanced analytics and machine learning, and automating workflows, are two of the modern approaches to SOC work that are gaining traction, according to the Devo report. “Ultimately, the industry is headed toward the era of the autonomous SOC,” the report states. “Advanced technologies are rapidly becoming available that will be able to take on some of the more tedious, exhausting areas of SOC work, including sorting through alerts to determine which are significant enough to require a response from SOC staff.

“Given the talent shortage, difficulty in hiring SOC talent, and burnout issues that are already too prevalent in the industry, technological solutions to the many challenges overwhelming today’s SOCs may be the only effective way to stem the tide of resignations, inability to fill open positions, and growing vulnerability of organizations to relentless attackers.”

Download our white paper to learn more about how Cybereason can eliminate the many pains your SOC teams are experiencing.


Get Ahead of the SOC Crisis With Cybereason

None of the outcomes predicted in the studies above is inevitable. The SOC workforce crisis can be averted by moving from an alert-centric approach to an operation-centric approach.

Moving from an alert-centric security model to an operation-centric model, in which analysts work on correlated attack operations rather than on individual alerts, substantially improves SOC team effectiveness and efficiency. Small teams can do the work of larger teams, less experienced teams become effective sooner, and the SOC's ability to mitigate risk improves markedly.

Cybereason’s primary differentiator is the ability to consolidate alerts into a single malicious operation — what Cybereason calls a MalOp™. Whereas other vendors alert dozens of times for a single intrusion, the Cybereason MalOp Detection Engine stitches together the separate components of an attack, including all users, devices, identities, and network connections, into a comprehensive, contextualized attack story. Because the Cybereason Defense Platform understands the full attack story, it orchestrates and automates response across all impacted endpoints and users through tailored response playbooks, without the need for an outside SOAR solution.

This advanced and automatic analysis increases analyst speed and accuracy by reducing the noise of alerts with a focused deconstruction of the overall operation.
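The operation-centric idea above can be illustrated with a small alert-correlation routine. What follows is an added example written for this page, not Cybereason's MalOp engine or any vendor code: it takes a constructed batch of endpoint alerts (the field names `host`, `user`, `sha256`, `remote` and the six-hour linking window are assumptions for the illustration), links alerts that share an entity within that window using a union-find structure, and emits one grouped operation per connected component, ranked so that an operation spanning several hosts and alert types floats to the top of the triage queue.

```python
"""Operation-centric alert grouping (added example; not vendor code).

Alerts that share a linking entity (the same user session on a host, the same
process hash, or the same remote address) within a time window are merged into
one operation, so an analyst triages one attack story instead of N alerts.
All alert records below are constructed sample data.
"""
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(hours=6)  # assumed linking window; tune per environment

# Constructed sample alerts: one intrusion that starts with a macro on ws-17 and
# moves to srv-db-02, an unrelated USB policy alert, and a beacon to the same C2
# address a day later (outside the window, so it stays a separate operation).
ALERTS = [
    {"id": "a1", "ts": "2023-03-01T09:02:00", "type": "malicious_attachment",
     "host": "ws-17", "user": "jdoe", "sha256": "h-macro", "remote": None},
    {"id": "a2", "ts": "2023-03-01T09:03:10", "type": "suspicious_child_process",
     "host": "ws-17", "user": "jdoe", "sha256": "h-macro", "remote": None},
    {"id": "a3", "ts": "2023-03-01T09:04:00", "type": "c2_beacon",
     "host": "ws-17", "user": "jdoe", "sha256": "h-loader", "remote": "203.0.113.7"},
    {"id": "a4", "ts": "2023-03-01T09:30:00", "type": "c2_beacon",
     "host": "srv-db-02", "user": "svc_backup", "sha256": "h-loader", "remote": "203.0.113.7"},
    {"id": "a5", "ts": "2023-03-01T09:31:00", "type": "credential_dump",
     "host": "srv-db-02", "user": "svc_backup", "sha256": "h-dumper", "remote": None},
    {"id": "a6", "ts": "2023-03-01T11:00:00", "type": "policy_violation_usb",
     "host": "ws-40", "user": "asmith", "sha256": None, "remote": None},
    {"id": "a7", "ts": "2023-03-02T09:05:00", "type": "c2_beacon",
     "host": "ws-22", "user": "bchen", "sha256": "h-loader", "remote": "203.0.113.7"},
]


def entities(alert):
    """Keys that may link this alert to others. Host alone is deliberately not
    a key: every alert on a busy server would otherwise merge into one blob."""
    keys = [f"session:{alert['user']}@{alert['host']}"]
    if alert["sha256"]:
        keys.append(f"sha256:{alert['sha256']}")
    if alert["remote"]:
        keys.append(f"remote:{alert['remote']}")
    return keys


def group_operations(alerts, window=WINDOW):
    """Return a list of operations (each a time-ordered list of alerts),
    ordered by the first alert in each operation."""
    parent = {a["id"]: a["id"] for a in alerts}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    def union(a, b):
        parent[find(a)] = find(b)

    by_entity = defaultdict(list)
    for a in alerts:
        for key in entities(a):
            by_entity[key].append(a)

    # Within each entity, link chronologically adjacent alerts that fall
    # inside the window; transitivity through union-find does the rest.
    for members in by_entity.values():
        members.sort(key=lambda a: a["ts"])  # ISO-8601 strings sort correctly
        for prev, cur in zip(members, members[1:]):
            gap = datetime.fromisoformat(cur["ts"]) - datetime.fromisoformat(prev["ts"])
            if gap <= window:
                union(prev["id"], cur["id"])

    ops = defaultdict(list)
    for a in alerts:
        ops[find(a["id"])].append(a)
    grouped = [sorted(m, key=lambda a: a["ts"]) for m in ops.values()]
    return sorted(grouped, key=lambda op: op[0]["ts"])


def summarize(op):
    """Collapse one operation into the attack-story fields an analyst reads."""
    return {
        "alerts": [a["id"] for a in op],
        "hosts": sorted({a["host"] for a in op}),
        "users": sorted({a["user"] for a in op}),
        "types": sorted({a["type"] for a in op}),
        "remotes": sorted({a["remote"] for a in op if a["remote"]}),
    }


def triage_queue(alerts, window=WINDOW):
    """Summaries ordered by a simple severity score: breadth across hosts
    (possible lateral movement) weighs more than variety of alert types."""
    summaries = [summarize(op) for op in group_operations(alerts, window)]
    return sorted(summaries, key=lambda s: 2 * len(s["hosts"]) + len(s["types"]), reverse=True)


if __name__ == "__main__":
    for s in triage_queue(ALERTS):
        print(s)
```

Two choices in this code decide whether the grouping over- or under-merges: which fields count as linking entities (linking on host alone would fold unrelated alerts on a shared server into one operation) and the window size (too large and a recurring C2 address ties months of activity together; too small and a slow intrusion splits into fragments). Any real correlation engine has to make the same two choices, and both are worth reviewing when the grouping looks wrong.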

Learn more about how Cybereason can eliminate the many pains your SOC teams are experiencing.

About the Author

Dan Verton

Dan Verton is Director of Content Marketing at Cybereason. Dan has 30 years of experience as a former intelligence officer and journalist. He is the 2003 first-place recipient of the Jesse H. Neal National Business Journalism Award for Best News Reporting – the nation’s highest award for tech trade journalism and is the author of the groundbreaking work, Black Ice: The Invisible Threat of Cyber-Terrorism (McGraw-Hill, 2003). He most recently served as an intelligence advisor and co-author of a nationwide TSA anti-terrorism awareness training program.
