EDF/MARC CARAVEO

MSSPs the answer for fed-up SOC staff

Employees sitting in security operations centres are showing signs of cracking under increasing pressure

Managed security service providers (MSSPs) have a clear opportunity to help reduce the burden on customer staff trying to wade through hundreds of alerts in their security operations centres (SOCs).

For many staff manning the desks in a SOC, things were already challenging before Covid-19 struck, and the pandemic has exacerbated the problems.

Research from SIRP Labs found that the average customer was trying to manage 18 security tools that were generating 900-1,000 alerts a day.

The result was that SOC staff were becoming bogged down in responding to the alerts and dissatisfaction was rising so much that 48% of respondents to the survey were considering leaving their jobs. The SIRP study found that the threat to leave was not just an empty one and already the average amount of time SOC staff had spent in the same post was just 30 months.

Drilling down into why staff were so unhappy, the research found that dealing with mundane tasks, a frustration at events outside their control and the inability to allocate time effectively were all factors.

Faiz Shuja, co-founder of SIRP Labs, said the number of people prepared to walk away from their jobs had been a surprise, but the rest of the research confirmed its expectations about the life of a SOC worker.

“There is a pressure on the SOC teams from the senior management and they have to demonstrate the value of the investment,” he said.

Shuja said the answer was for technology to take the strain, but the research found that automation and orchestration tools were being used by only 32% of respondents, which left MSSPs with 70% of the market to go after.

“There are customers that are looking to MSSPs to help them manage security operations,” he said. “In mid-sized and small companies, there are multiple services being handled by MSSPs.

“Alerts are only going to grow and more technology will be added and we don’t see the level of alerts going down – they are going to be increasing.”

Jack Veitch, senior consultant at cyber solutions recruitment specialist Acumin, said there had been a high churn in the SOC staffing world, but more employers were starting to understand that staff dissatisfaction increased when they became bogged down with mundane tasks that could be automated.

“Employees are getting frustrated,” he said, warning that in a competitive staffing market, that would have negative consequences. “That makes it easier for other businesses to poach staff,” he added.

Veitch said the coronavirus had highlighted some of the problems and some firms had been left vulnerable with people working from home and were looking at managing the effects of this.

“It will help shake up this area of the business and be a good case for change,” he said, adding that more boardrooms were seeing it as an enabler and appreciating that getting it right was a crucial part of the business strategy.

Read more on Salesforce Management