Outsourcing Security Operations – Is It Worth It?
Organizations today operate in a complex environment characterized by ever-changing cybersecurity threats and tactics, and ever-changing networks that span the cloud. As a result, organizations are finding it increasingly difficult to effectively and consistently protect their digital perimeters and mitigate risk.
It’s no surprise, then, that organizations across all industries are grappling with whether to outsource security operations (SOC) or manage them in-house. The second annual Economics of Security Operations Center study by the Ponemon Institute provides key insights into this priority issue from 17,200 IT and IT security practitioners.
SOC is increasingly critical for cybersecurity
With SOCs managing a range of activities, 80% of respondents say these security command centers are critical or very important to a strong security posture. This is an increase from 73% in the previous Ponemon survey.
Yet, from year to year, it is difficult to boost SOC efficiency as managing the SOC grows more complex. Even 72% of the most successful companies* struggle to manage their SOCs.
*High performers are those who said their organization’s SOC is very effective at detecting attacks.
COVID and Solution Silos Exacerbate SOC Complexity
More than a third of SOCs represented in the Ponemon study have transitioned to a remote work environment, and 51% of respondents said it had a significant impact on their SOC’s performance. Simply put, dealing with endpoint security and denial of service attacks is more difficult with more employees working remotely.
As organizations deploy more security solutions in an attempt to address their growing security challenges, they often fail. Consider that they spend an average of $2,716,514 per year on security engineering to integrate disparate security data, create rules, and automate processes. Despite spending this much, only 23% of respondents rate their security engineering efforts as highly effective.
Underinvestment plagues the SOC
Identifying and mitigating threats quickly and effectively is arguably the most critical activity of the SOC. Despite investing nearly $4 million a year in their SOCs, organizations are underinvesting in key areas, including threat hunting, incident response and resolution.
In many cases, this is likely due to the lack of internal expertise to translate threat intelligence into proactive response. The Ponemon survey found that an average of 12 IT security practitioners are assigned to their organization’s SOC. Yet the demand for cybersecurity talent continues to outstrip the supply, according to the latest (ISC)² Cybersecurity Workforce Study. In fact, the (ISC)² study posits that the global cybersecurity workforce must grow by 65% to effectively defend organizations’ critical assets.
This continued talent shortage puts additional pressure on existing security operations personnel to perform very important activities, including:
- Minimizing false positives
- Detecting intrusions
- Interpreting threat intelligence
- Chasing threats
- Monitoring and analyzing alerts
Turnover leaves organizations struggling
Although more and more organizations are paying salaries at the higher end of the range, they regularly experience turnover. On average, organizations hire five analysts and see three security analysts quit or be fired each year, similar to the previous Ponemon survey. (In contrast, high-performing organizations hire an average of seven analysts in a year and see an average of two analysts quit or be fired each year).
With such a turnover of SOC analysts, organizations find themselves on a never-ending treadmill trying to find, hire, and retain top talent in their SOC. According to 80% of respondents to the Ponemon survey, the number one – and growing – reason for analyst turnover is burnout in 24/7/365 SOCs facing increasing workloads.
Notably, 85% of respondents overall find it difficult or very difficult to work in their organization’s SOC, an increase from 72% in the previous survey. Even in high-performing SOCs, 76% of security personnel experience significant pain in fulfilling the demands of their job.
This is not surprising considering all that comes with more complex and expansive operating environments: information overload, stress, and lack of sufficient visibility into the network and IT infrastructure, to name a few.
No wonder SOC ROI is deteriorating
Faced with growing SOC complexity and high analyst burnout and turnover, more than half (51%) of respondents said SOC ROI was declining – a jump from the 44% of respondents who said the same in the previous survey. Even 25% of top performers are seeing a decline in SOC ROI.
On the other hand, the efficiency of the MSSP increases
As they struggle to effectively manage the growing complexity of their SOCs, more and more organizations are turning to Managed Security Service Providers (MSSPs) – and with great results.
In fact, 51% of security practitioners report partially or completely outsourcing their SOC. And for good reason: 52% say their organizations rate the effectiveness of their MSSPs as high or very effective – a significant jump since the previous Ponemon survey. Interestingly, 86% of top performers—those most effective at detecting attacks—rate their MSSP effectiveness as very high.
This makes perfect sense given that MSSPs offload many of the heavy and critical tasks at the heart of effective cybersecurity. They do this through a variety of means, including investing in high-level personnel, deploying technology that provides greater visibility, and expert and timely analysis of information and alerts.
Take it to the next level with Nuspire
Since MSSPs absorb the bulk of SOC tasks, including proactive 24/7/365 monitoring, and day-to-day emergencies, internal SOCs avoid overburdening internal teams while getting essential coverage for critical areas. Thus freed, SOCs can prioritize activities and specializations.
As a Tier 3 Progressive MSSP, Nuspire provides customized cybersecurity solutions based on customer goals, requirements and risk tolerance. While all MSSPs offer solutions to detect, respond to, protect against, and prevent cyber threats, Nuspire helps organizations close security gaps quickly so our customers can do more.
Nuspire is dedicated to revolutionizing the cybersecurity industry through innovation, operational excellence and customer experience. Providing simple solutions to complex problems for customers across a variety of industries, sizes, maturity levels, and business outcomes, we were named a Representative Vendor in the 2022 Gartner Market Guide for Managed Security Services (MSS). Nuspire’s advanced and award-winning services are also recognized by CRN, Information Security and InfoSec.
Discover the top 10 tips for working with an MSSP and learn more about what sets Nuspire apart from other MSSPs, including our security framework in action.
*** This is a Nuspire Security Bloggers Network syndicated blog written by the Nuspire team. Read the original post at: https://www.nuspire.com/blog/outsourcing-security-operations-is-it-worth-it/