Once recognized solely for their security training and certifications, the SANS Institute is starting to outshine many long-term industry analyst firms in their security market research. And I give them 5 gold stars for their latest survey-based report, “A SANS 2021 Survey: Security Operations Center (SOC)”. The survey takes advantage of SANS’ global alumni of IT movers and shakers, from SMB to the large enterprise and even in government, to understand how the SOC is evolving. The result is a report with many interesting findings that reveal a growing alignment in how we approach security operations around the world.
The report covers a surprisingly broad range of areas, including topics like SOC funding. Due to the sensitivity and complexity around funding, the survey asked respondents about this in several ways. Blending the responses to these questions resulted in Figure 22 (page 18 of the report), indicating that SOC leads and managers are increasingly involved in the SOC funding process to determine needs and priorities.
As another example of the high-level thinking represented in the report’s findings, respondents were asked about their use of various security models and allowed to choose ‘all that apply’. Figure 10 (page 8 of the report) shows NIST and MITRE models as the most popular tools for measuring an organization’s maturity, helping them to assess visibility issues, and guiding their investigation, hunting, and response activities.
For me, personally, it was most interesting to see how outsourcing options are being used to compensate for the ongoing shortage of skilled personnel. The survey asked respondents whether they use in-house resources, outsourcing, or both to address 22 SOC capabilities. Figure 7 (page 7 of the report) shows a number of expected results, particularly in regard to periodic activities like pen testing. But it also revealed some surprising attitudes, where half of all respondents are using outsourcing to accomplish half of these 22 SOC capabilities.
This chart also highlights how things like ‘Threat intelligence’ need to be thought of in different ways for different purposes. And the data is presented several times, in different ways, to help reveal other important details about how the SOC is evolving. So I encourage you to download the full report to benefit from those additional insights. And you may also enjoy watching the recorded Panel Discussion on the survey.