SOC teams struggle to keep up with a dangerous threat landscape, growing attack surface, and voluminous security alerts. Credit: Thinkstock Recent ESG research reveals that 52% of security professionals believe security operations are more difficult today than they were two years ago. Why? Security operations center (SOC) teams point to issues such as:A rapidly evolving and changing threat landscape: Forty-one percent of security professionals find it difficult to understand and counteract modern threats like ransomware or supply chain attacks and then build this knowledge into a comprehensive security operations program. Most react to threats and indicators of compromise (IoCs) rather than study cyber-adversaries and plan ahead.A growing attack surface: This issue came up with 39% of respondents, but attack surface challenges are no surprise. Other ESG research indicates that the attack surface is growing at two-thirds (67%) of organizations, driven by third-party IT connections, support for remote workers, increased public cloud usage, and adoption of SaaS applications. A growing attack surface means more work, vulnerabilities, and blind spots for SOC teams. Little wonder then why 69% of organizations admit to a cyber-incident emanating from an unknown, unmanaged, or poorly managed internet-facing asset.The volume and complexity of security alerts: We’ve all heard about “alert storms” and “alert fatigue.” Based on the ESG data, these conditions aren’t just marketing hype, as 37% of SOC teams say that alert volume and complexity is making security operations more difficult. It’s easy to understand this one: Imagine viewing, triaging, prioritizing, and investigating a constant barrage of amorphous security alerts from a variety of different detection tools and you’ll get the picture. Seems overwhelming but that’s the reality for level 1 SOC analysts at many organizations.Public cloud usage: Beyond just expanding the attack surface, more than one-third (34%) say that security operations are more difficult as a direct result of growing use of the public cloud. This is not just a numbers game. Securing cloud workloads is difficult due to multi-cloud deployment, ephemeral cloud instances, and developer use of new cloud services that security teams may be unfamiliar with. Chasing cloud evolution and associated software developer whims has become part of the job.Keeping up with the care and feeding of security technologies: More than half (54%) of organizations use more than 26 different commercial, homegrown, or open-source tools for security operations. The burden of managing and maintaining all these disparate technologies alone can be difficult. This is one reason why many firms are replacing on-site security tools with cloud-based alternatives.Growing scale complicates security operationsIn analyzing this data, it’s easy to see a common theme across these different responses – scale. Everything is growing – threats, IT, alerts, tools, everything. The research illustrates the fact that we don’t have the people, processes, or technologies to keep up with these scaling needs.Given these overlapping trends, one of the foundations of a modern SOC must be unprecedented scale. Obviously, this means technical scale – the ability to collect, process, analyze, and store massive amounts of data – but the research highlights a pressing need to scale people and processes as well. SOC modernization must be designed to make the SOC team more productive so they can scale the amount of work they can do. Scaling people means more intelligent technology, better training, and structured repeatable processes. SOC modernization must also include process re-engineering so SOC teams can fix broken processes and automate as much work as possible. CISOs understand these problems and already earmarked funds to address them – 88% of organizations plan to increase spending on security operations over the next 12 to 18 months. Onward and upward toward SOC modernization and unparalleled scale. Related content news Citrix quietly fixes a new critical vulnerability similar to Citrix Bleed Much similar to Citrix-Bleed, the information disclosure bug was identified within NetScaler devices configured as gateway or virtual servers. By Shweta Sharma May 07, 2024 3 mins Vulnerabilities feature What is IAM? Identity and access management explained IAM is a set of processes, policies, and tools for controlling user access to critical information within an organization. By David Strom May 07, 2024 12 mins Identity Management Solutions IT Leadership Security news Most interesting products to see at RSAC 2024 Tools, platforms, and services that the CSO team recommends 2024 RSA Conference attendees check out. By CSO Staff May 07, 2024 12 mins RSA Conference Security news Google launches Google Threat Intelligence at RSA Conference The new addition to Google Cloud Security is designed to inform security teams on approaches to protecting against external threats, managing attack surfaces, and mitigating digital risks. By Sascha Brodsky May 06, 2024 4 mins RSA Conference Cloud Security Security Software PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe