What I Need to be a SOC Rock Star

Gurucul conducted a survey of attendees at the 2022 Black Hat USA security conference focused on the Security Operations Center (SOC). We asked security professionals what they needed to be SOC Rock Stars, the technologies and attacks they’re most focused on, and their plans for the SOC in the next year. What did we learn?

Insider Threats Are the Most Difficult to Detect

Out of the seven types of threats covered by the survey, 27% of respondents – the highest percentage across types – identified detecting insider threats as the most difficult.

Insider threat attacks have steadily increased in the last few years and are notoriously hard to detect and prevent because they typically abuse legitimate user credentials and involve activity that isn’t obviously malicious when viewed without context. Without baselining typical user and entity behaviors, it’s very difficult to pick out anomalous activity that indicates an insider risk. According to the Insider Threat Report produced by Cybersecurity Insiders, virtually all organizations feel vulnerable to insider attacks (98%) and 82% of organizations find it difficult to determine the actual damage of an insider attack.

Luckily, Gurucul has one of the most sophisticated, proven and awarded Insider Threat Solutions in the market. Our solution powers some of the most successful insider threat programs in operation today. Find out why Edward Jones selected Gurucul as their top choice of insider threat detection tools in this webinar presentation, “Lessons Learned from Operational Insider Threat Programs.”

Behavioral Analytics Technology Is a Top Priority for Security Professionals

Behavioral Analytics is the most common technology survey respondents plan to invest budget in over the next year. This shows both a clear need for this technology, and that security professionals understand its value.

Behavioral analytics helps organizations detect and respond quickly to threats and distinguish malicious activity from false positives based on an understanding of normal activity that continuously learns and adjusts. Organizations working to improve their threat detection and response capabilities should investigate this technology further.
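To make the baselining idea from the insider-threat and behavioral-analytics sections above concrete, here is a small added example. It is not Gurucul's code or one of its behavior models; it is a minimal Python illustration that learns a per-user baseline (typical hosts, working hours, and outbound data volume) from a constructed event log, then scores new events against that baseline and raises an alert only when enough anomalous context stacks up. The event fields, weights, and thresholds are all assumptions chosen for the example.

```python
"""Minimal user-behavior baselining and anomaly scoring (illustrative only)."""
import math
from collections import defaultdict
from statistics import mean, pstdev

# Constructed baseline events: (user, hour_of_day, host, bytes_out).
# In practice this would be weeks of authentication and file-access logs.
BASELINE_EVENTS = [
    ("alice", 9,  "fileserver01", 120_000),
    ("alice", 10, "fileserver01", 95_000),
    ("alice", 14, "wiki",         30_000),
    ("alice", 16, "fileserver01", 140_000),
    ("alice", 11, "wiki",         25_000),
    ("bob",   8,  "git",          400_000),
    ("bob",   13, "git",          350_000),
    ("bob",   17, "git",          420_000),
    ("bob",   12, "buildserver",  380_000),
    ("bob",   15, "git",          410_000),
]

# Constructed events to score: one normal event per user, then a 2 a.m. bulk
# transfer by alice to a host she never uses, and a bulk pull by bob from his
# usual host during his usual hours.
NEW_EVENTS = [
    ("alice", 10, "fileserver01", 110_000),
    ("bob",   14, "git",          390_000),
    ("alice", 2,  "backup-share", 4_000_000),
    ("bob",   13, "git",          4_000_000),
]

# Assumed scoring weights and thresholds; a real program tunes these per environment.
WEIGHTS = {"volume": 50, "new_host": 30, "off_hours": 20, "no_baseline": 50}
Z_THRESHOLD = 3.0      # bytes_out more than 3 std devs above the user's mean
HOUR_SLACK = 1         # hours outside [earliest-1, latest+1] count as off-hours
ALERT_THRESHOLD = 50   # risk score at which an event becomes an alert


def build_baselines(events):
    """Summarize each user's normal hosts, hours and outbound volume."""
    by_user = defaultdict(list)
    for user, hour, host, nbytes in events:
        by_user[user].append((hour, host, nbytes))
    baselines = {}
    for user, rows in by_user.items():
        hours = [h for h, _, _ in rows]
        volumes = [b for _, _, b in rows]
        baselines[user] = {
            "hosts": {h for _, h, _ in rows},
            "hour_min": min(hours),
            "hour_max": max(hours),
            "mean": mean(volumes),
            "std": pstdev(volumes),
        }
    return baselines


def score_event(baseline, hour, host, nbytes):
    """Return the list of anomaly reasons for one event against a baseline."""
    if baseline is None:
        # A user with no history cannot be baselined; surface rather than ignore.
        return ["no_baseline"]
    std = baseline["std"]
    if std == 0:
        # Constant history: any deviation is infinitely unusual.
        z = 0.0 if nbytes == baseline["mean"] else math.inf
    else:
        z = (nbytes - baseline["mean"]) / std
    reasons = []
    if z > Z_THRESHOLD:
        reasons.append("volume")
    if host not in baseline["hosts"]:
        reasons.append("new_host")
    if hour < baseline["hour_min"] - HOUR_SLACK or hour > baseline["hour_max"] + HOUR_SLACK:
        reasons.append("off_hours")
    return reasons


def score_events(baselines, events):
    """Score every event; each finding carries its reasons, risk and alert flag."""
    findings = []
    for user, hour, host, nbytes in events:
        reasons = score_event(baselines.get(user), hour, host, nbytes)
        risk = sum(WEIGHTS[r] for r in reasons)
        findings.append({"user": user, "hour": hour, "host": host, "bytes": nbytes,
                         "reasons": reasons, "risk": risk,
                         "alert": risk >= ALERT_THRESHOLD})
    return findings


def alerts(baselines, events):
    """Only the findings that cross the alert threshold."""
    return [f for f in score_events(baselines, events) if f["alert"]]


if __name__ == "__main__":
    for finding in alerts(build_baselines(BASELINE_EVENTS), NEW_EVENTS):
        print(finding)
```

Running it flags only the last two events. Alice's transfer is anomalous on every axis (volume, host and hour) and scores 100; Bob's scores 50 on volume alone, which is exactly the kind of single-signal hit an analyst still has to investigate with more context. The two routine events score zero, which is the false-positive reduction the paragraph above describes.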

Look no further! Gurucul has been innovating our User and Entity Behavior Analytics product for over 10 years. We have more than 1500 open and transparent behavior models that fuel our analytics engine. Our machine learning library delivers out-of-the-box security content so you can detect anomalies on day one in real-time. View our webinar for more, “How Mature Behavior Analytics Accelerates Detection of Persistent Threats.”

82% of Security Professionals Feel Their SOC Program Is Improving

Nearly all respondents felt their SOC program was improving or staying the same, and fewer than 5% said their SOC is actively getting worse. These are encouraging statistics and suggest that organizations understand the importance of the SOC and are investing in it.

The question becomes, what improvements to the SOC will have the greatest impact, what weaknesses do these programs still have, and how do they keep up the forward momentum? After all, a single mistake or missed attack can be enough to cause a catastrophic security breach.

Gurucul’s mission is to facilitate real-time visibility and detection, prioritized investigations, and automated response across the entire SOC lifecycle. Our Security Analytics and Operations Platform drastically reduces overall operational expenses while improving the efficiency of threat detection and response programs across the board.

Security Professionals Need Training, Experienced Talent, Better Pay and Vacation Time

Security professionals were split on whether their organization offered enough SOC training, and almost a third wanted to invest in more Tier 3 SOC Analysts / Threat Hunters.

Survey results also found a desire for better vacation and compensation in the SOC. Approximately 35% of respondents needed more than two weeks of vacation time to feel refreshed, and about three-quarters wanted at least a 10% raise.

It’s Official – The SOC Runs on Coffee

Coffee was the drink of choice by a wide margin, selected by 41.89% of respondents. In second place was “the hard stuff you keep in your drawer,” with 16.22% of analysts sneaking a swig on late nights or after seeing a particularly scary set of alerts come in. The team involved in creating this survey cannot comment on any personal experience they may or may not have had with this in their own SOC days. Tea was third, followed by soda, with beer, water and juice boxes bringing up the rear. We were hoping to see juice boxes rank higher, but there’s no accounting for taste.