SOC Analysts Quitting over Burnout, Lack of Visibility
… automate workflow, followed by normalizing the work schedule, having access to more out-of-the-box content and having more resources. By paying attention to these needs, leaders will foster a more successful SOC – from a technology and a skills-retention perspective – and overall a stronger security posture.”
The next step is to create a stronger alignment between the SOC and the business, Waits said. Often, these needs already are in alignment as everyone wants a stronger security posture, but not at the expense of an oversubscribed budget. Leaders must foster discussion opportunities to prioritize objectives and mitigate security risk, while ensuring the needs of each line of business are met, he said.
“Finally, make use of powerful technology that can lighten the load on SOC analysts, freeing them up to become more proactive; for example, with threat hunting,” he said. “Leaders should support their existing personnel and help to build the effectiveness of the security function by integrating critical security intelligence tools with the SOC, as well as investing in technologies that will address the lack of full visibility into the network traffic, ineffective threat hunting, lack of timely remediation, lack of interoperability with other security solutions and too many false positives.”
The factor that truly stands out is the level of analyst burnout due to their heavy workload, and the immense amount of stress and pressure they are facing, said Larry Ponemon, founder of Ponemon Institute.
“It is clear this is a critical area that needs to be addressed to improve SOC effectiveness,” he said.