Empowering Security Teams for Success: 4 Key Takeaways from the SANS 2024 SOC Survey

Discover trends among modern SOC teams, including misaligned budgets, increased automation, unsatisfactory AI tools, staffing issues, and more.
July 12, 2024

As cybersecurity threats continue to evolve, empowering security teams with the right strategies and tools is essential for protecting organizations effectively. Commissioned by SANS, the highest standard in cybersecurity education, the 2024 SOC Survey provides a comprehensive look into the current priorities and challenges faced by security leaders.

Here, I’ll delve into my impressions of the study's key findings, offering actionable insights that can empower security professionals to refine their approaches to threat detection, response coordination, and operational resilience. By embracing these key takeaways, security teams can enhance their readiness to combat cyber threats and strengthen organizational defenses.

1. Most SOC Teams Are Misaligned on Organizational Budgets

When asked to estimate their annual budget (new software licensing, staffing, and so on), the most common response among surveyed SOC specialists, by a wide margin, was "Unknown." That points to a fundamental misalignment between SOC staff and management around the organizational budget process. When the people running the SOC do not know what they have to spend, it is hard to allocate resources effectively, justify tooling decisions, or respond to threats promptly, and the resulting gaps in coverage become exposure that nobody is tracking.

The study also highlights a challenge every CISO faces: budgets are not growing, and in many cases they are flat or shrinking. That constraint forces organizations to be more strategic about spending. To do more with less, favor platforms whose capabilities span several parts of the architecture over single-purpose point solutions, since each additional point product brings its own licensing, integration, and staffing cost.

2. Increased Automation and Orchestration Across SOC Teams

Automation and orchestration have been buzzwords in the cybersecurity space for over a decade, yet a significant gap remains in their effective implementation. SOAR (Security Orchestration, Automation, and Response) solutions have brought some progress, but much work still needs to be done, and it goes beyond the need for a dedicated automation platform.

Security tools should ship with open APIs so they can be integrated and driven programmatically; that is what makes more sophisticated defensive workflows possible. For example, automating the handling of user-reported phishing emails (extracting indicators, checking them against what the organization already knows, and removing confirmed malicious messages from every mailbox) can greatly shorten response times and stop an attack before more users interact with the message. These are the types of capabilities that raise a SOC team's output.
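As an added example (not code from this post, and not Abnormal Security's product or any SOAR vendor's playbook), here is the skeleton of the phishing-triage automation described above, in Python using only the standard library. The reported message, the domain lists, and the scoring weights are constructed for the demo; a production version would replace the in-memory lists with API calls to the mail gateway and threat-intel platform, which is the integration the open-API point is about.

```python
"""Automated triage of a user-reported phishing email.

Illustrative code added for this post, not Abnormal Security's product or a
vendor playbook. Message, indicator lists and weights are constructed; in a
real SOC the lookups and actions would call the mail gateway's and TI
platform's APIs, which is why open APIs matter.
"""
import email
import email.utils
import hashlib
import os
import re
from email import policy
from urllib.parse import urlparse

# Constructed sample: what a user might forward to the phishing mailbox.
REPORTED_EML = b"""\
From: "IT Helpdesk" <helpdesk@corp-support-login.example>
To: alice@example.com
Subject: Action required: password expires today
Reply-To: reset@corp-support-login.example
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<p>Your password expires today. <a href="http://corp-support-login.example/reset?u=alice">Reset now</a></p>
--b1
Content-Type: text/html; name="invoice.html"
Content-Disposition: attachment; filename="invoice.html"

<script>location='http://corp-support-login.example/reset'</script>
--b1--
"""

# Constructed intel (assumption): normally fetched from a TI feed or the gateway.
KNOWN_BAD_DOMAINS = {"corp-support-login.example"}
TRUSTED_DOMAINS = {"example.com"}
RISKY_ATTACHMENT_EXT = {".html", ".htm", ".iso", ".lnk", ".js", ".vbs"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


def _domain(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def extract_indicators(raw):
    """Parse the .eml; return sender/reply-to domains, URL hosts, attachment hashes."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    sender = email.utils.parseaddr(msg.get("From", ""))[1]
    reply_to = email.utils.parseaddr(msg.get("Reply-To", ""))[1]
    urls, attachments = set(), []
    for part in msg.walk():
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True) or b""
        if part.is_attachment():
            attachments.append({"name": part.get_filename() or "",
                                "sha256": hashlib.sha256(payload).hexdigest()})
        if part.get_content_maintype() == "text":
            # Scan body text and text-based attachments (HTML droppers) alike.
            urls.update(URL_RE.findall(payload.decode("utf-8", "replace")))
    return {"sender_domain": _domain(sender), "reply_to_domain": _domain(reply_to),
            "url_domains": sorted({urlparse(u).hostname or "" for u in urls} - {""}),
            "attachments": attachments}


def score(ind):
    """Additive scoring with made-up weights; returns (points, reasons)."""
    points, reasons = 0, []
    domains = {ind["sender_domain"], ind["reply_to_domain"], *ind["url_domains"]} - {""}
    bad = domains & KNOWN_BAD_DOMAINS
    if bad:
        points += 60
        reasons.append("known-bad domain(s): " + ", ".join(sorted(bad)))
    if ind["sender_domain"] and ind["sender_domain"] not in TRUSTED_DOMAINS:
        points += 10
        reasons.append("external sender " + ind["sender_domain"])
    for att in ind["attachments"]:
        if os.path.splitext(att["name"])[1].lower() in RISKY_ATTACHMENT_EXT:
            points += 30
            reasons.append(f"risky attachment {att['name']} sha256={att['sha256'][:12]}...")
    return points, reasons


def triage(raw):
    """Return the verdict and the actions an orchestration layer would fire."""
    ind = extract_indicators(raw)
    points, reasons = score(ind)
    if points >= 60:
        verdict, actions = "malicious", ["purge from all mailboxes", "block sender domain", "notify reporter"]
    elif points >= 30:
        verdict, actions = "suspicious", ["quarantine", "queue for analyst review"]
    else:
        verdict, actions = "benign", ["close ticket", "thank reporter"]
    return {"verdict": verdict, "score": points, "reasons": reasons, "actions": actions, "indicators": ind}


if __name__ == "__main__":
    import json
    print(json.dumps(triage(REPORTED_EML), indent=2))
```

Every step here is something an analyst does by hand today (open the message, pull the links, hash the attachment, look things up, then purge); the value of the automation is that the purge-and-block actions fire in seconds for a clear-cut case while the ambiguous "suspicious" band is the only thing that reaches a human queue.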

3. Widespread Dissatisfaction with AI/ML Tools

The survey results also revealed a notable dissatisfaction with artificial intelligence (AI) and machine learning (ML) tools, which isn't surprising given the recent hype. Many vendors claim their solutions are "powered by AI," which leads to a fair amount of skepticism across the industry—especially when those same vendors cannot explain what that means.

A friend of mine was recently evaluating MDR vendors and found one that touted AI capabilities, only to learn it was used merely to generate reports post-analysis. This superficial use of AI, rather than its integration into core functionality, contributes to disappointment. With so much gimmickry and so many misleading claims, security professionals spend considerable time distinguishing genuine solutions from those that are merely marketing AI.

In contrast, real AI (at its fullest potential) excels at consuming vast amounts of diverse data, identifying underlying patterns, and making decisions informed by historical data. Used effectively, AI/ML can ingest and analyze internal data sources and telemetry, learning and adapting without explicit programming to detect rapidly evolving threats. We should seek solutions that use AI/ML at their core to detect anomalies: instead of asking whether something is bad, which requires having seen that badness before, our security solutions should determine whether it is normal for this user, this system, and this organization. The practical test for a vendor claim is whether they can show what data the model learns from, what it outputs, and how an analyst can verify a given decision.
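To make the "is it normal?" distinction concrete, here is an added example (not from this post, and not a description of any vendor's model) that builds a per-user baseline from constructed login history and scores new logins by how surprising they are against it, alongside a conventional blocklist check. It uses a plain Laplace-smoothed frequency model rather than ML so the mechanics stay visible; the user names, the documentation-range network prefixes, the blocklist, and the 8-bit threshold are all assumptions for the demo.

```python
"""Baseline-driven ("is this normal?") detection over constructed login telemetry.

Added example written for this post; it is not any vendor's model. A plain
statistical baseline stands in for ML so the mechanics stay visible: learn
what each user normally does from history, then score new events by how
surprising they are against that history. Events, network prefixes
(documentation ranges), the threshold and the blocklist are all assumptions.
"""
import math
from collections import Counter, defaultdict

OFFICE, HOME, ATTACKER = "203.0.113.0/24", "198.51.100.0/24", "233.252.0.0/24"

# Constructed history of successful logins: (user, hour_of_day, source_network).
HISTORY = (
    [("alice", h, OFFICE) for h in (8, 9, 9, 10, 11, 13, 14, 16, 17) for _ in range(3)]
    + [("bob", h, n) for h, n in ((19, HOME), (21, HOME), (9, OFFICE), (22, HOME)) for _ in range(5)]
)

# The "is it bad?" approach: a threat-intel list that has never seen the attacker's network.
KNOWN_BAD_NETWORKS = {"192.0.2.0/24"}
THRESHOLD_BITS = 8.0  # assumption: in practice tuned from the score distribution of HISTORY


def build_baseline(history):
    """Per-user counts of login hour and source network."""
    base = defaultdict(lambda: {"hours": Counter(), "nets": Counter(), "n": 0})
    for user, hour, net in history:
        b = base[user]
        b["hours"][hour] += 1
        b["nets"][net] += 1
        b["n"] += 1
    return base


def surprise_bits(count, total, alphabet):
    """Laplace-smoothed -log2 P(value): unseen values are rare, not impossible."""
    return -math.log2((count + 1) / (total + alphabet))


def score_event(base, user, hour, net):
    """How unusual the hour and the source network are for this user, in bits."""
    b = base.get(user)
    if b is None:
        return math.inf  # no baseline at all: this user has never logged in
    return (surprise_bits(b["hours"][hour], b["n"], 24)
            + surprise_bits(b["nets"][net], b["n"], len(b["nets"]) + 1))


def is_known_bad(net):
    return net in KNOWN_BAD_NETWORKS


def detect(base, events, threshold=THRESHOLD_BITS):
    """Label each (user, hour, net) event with both approaches side by side."""
    out = []
    for user, hour, net in events:
        bits = score_event(base, user, hour, net)
        out.append({
            "user": user, "hour": hour, "net": net,
            "blocklist": "bad" if is_known_bad(net) else "clean",
            "surprise_bits": round(bits, 2),
            "baseline": "anomalous" if bits > threshold else "normal",
        })
    return out


if __name__ == "__main__":
    baseline = build_baseline(HISTORY)
    for row in detect(baseline, [("alice", 9, OFFICE), ("bob", 22, HOME),
                                 ("alice", 3, ATTACKER), ("carol", 10, OFFICE)]):
        print(row)
```

The login with alice's credentials at 03:00 from a never-seen network passes the blocklist check, because no feed lists that network, and fails the baseline check, because alice has never logged in at that hour or from that network. The same baseline that flags it also explains it (which features were unusual and by how much), which is the kind of verifiable output to ask a vendor for.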

4. Staffing Issues Impede Full SOC Utilization

When asked about the biggest barrier in their SOC today, a significant share of respondents (29%) gave answers directly related to staffing: "high staffing requirements" and "lack of skilled staff." Unfortunately, staffing issues in the SOC are nothing new. The work takes skilled analysts, and sustaining it under high pressure for years is hard, so retention is always a concern. Average tenure has been one to three years, though the survey shows it slowly shifting toward three to five years.

While the study does not delve deeply into solutions for this cybersecurity staffing issue, the advancements in automation and AI mentioned above could play a crucial role. By automating routine tasks and enhancing the capabilities of existing tools, organizations can manage more efficiently with smaller teams. Moreover, this can allow cybersecurity professionals to focus on more strategic and creative aspects of cybersecurity, potentially making the field more attractive to new talent.

Evolving Cybersecurity Strategies for Tomorrow's Threats

The SANS 2024 SOC Survey underscores the need for a strategic overhaul in how cybersecurity is approached in organizations. By investing in versatile tools, embracing automation, and setting realistic expectations for AI and ML, cybersecurity professionals can not only enhance their defensive capabilities but also ensure a more robust alignment with organizational goals and resources. As the landscape of cyber threats continues to evolve, so too must our strategies to combat them.

Interested in learning more about current SOC trends? Get the full report below!
