Staff morale reaches low ebb at resource-strained Security Operations Centres
August 7, 2020
DarkOwl and SIRP – Automated Dark Web Monitoring and Investigation
August 11, 2020

SIRP 2020 Security Analysts Survey

 

SIRP recently released the results of the SIRP 2020 Security Analysts Survey. The findings are part of an independent study conducted by Sapio Research in June/July 2020.

The survey gathered responses from 250 security professionals who manage threat alerts in companies of 500 employees or more, to build a clear picture of the current state of SOC processes and of security analysts' attitudes towards adopting automation.

It covers the number of alerts security analysts have to deal with on a daily basis, how they manage these alerts, how many security tools exist in a SOC, how automation could help job satisfaction, how much time is spent on mundane tasks that should be automated, and what analysts enjoy and dislike most about their job.

The SIRP 2020 Security Analysts Survey reveals that more than half of security analysts would rather not waste time on mundane tasks, and over three quarters feel good about having more process automation. At the same time, a deepening skills shortage is affecting the ability of SOCs to do their jobs, and disconnected security tools are preventing organizations from getting the full picture of their security. Meanwhile, almost half are considering leaving their role, within an average time of 11 months. Surprising? We think not, because according to the findings, over half of security analysts are at least slightly frustrated by the current process for investigating threats. Your SOC staff may be looking for a way out, and the reason might be none other than the time spent on mundane tasks that could easily be automated.

As Faiz Shuja, Co-Founder & CEO of SIRP Labs, said, “Morale could easily be improved with more automation along with fast access to the right information, helping to improve productivity and reduce the amount of missed or false-positive alerts.”

“It lays bare SOC analysts’ frustrations, many of whom would like to see the introduction of more automation to help raise productivity as well as reduce the number of false positives and missed alerts,” he added.

The survey also highlights the impact the pandemic has had on analyst workloads. Almost half have experienced a reduced workforce, followed by just over 2 in 5 spending more time on non-productive tasks (43%) and feeling pressure on the job (42%). Part of the issue, according to the report, is that cybersecurity needs to recognize the dire need for more automation and orchestration and prevent SOC teams from becoming frustrated with mundane tasks.

The primary strengths of successful security operations centers (SOCs) are flexibility and adaptability, while their biggest weakness is lack of productivity. The survey results indicate a need for more automation across the detection and response functions. There are opportunities to improve security operations by understanding how to serve the organization more effectively through automation.

Key Stats

  • On average organisations receive 840 security alerts a day
  • 52% of security analysts are at least slightly frustrated by the current process for investigating threats
  • Security analysts spend 18% of their day managing alerts
  • Only 32% of organizations have alert triage and incident response automated
  • 76% of security analysts feel good about having more automation
  • Time spent on mundane tasks that should be automated is what 51% of security analysts dislike most about their job

The survey also highlights various positives about SOC staff, including:

  • On the brighter side, most security analysts (66%) enjoy a sense of team spirit, especially those over 35, where team spirit is highest (72%).
  • 96% of respondents say that they are somewhat able to prioritise alerts based on the risks to the organization.
  • Among the respondents, a high proportion (89%) say they enjoy a close working relationship with colleagues in other departments like GRC or vulnerability management.

To learn more, download a copy of the SIRP 2020 Security Analysts Survey.