The survey also sought to uncover the pain points around outsourced SOC or Managed Detection and Response (MDR) functions. It asked which value-adds respondents look for in an outsourced SOC/MDR provider and how they felt about using AI in a SOC/MDR solution.
A total of 191 responses were captured, with 56% of respondents at executive, director or middle-management level and working across a range of major industry sectors. Some 38% of respondents came from the IT sector and 18% from the financial, insurance, banking and accounting sector. Ten percent of respondents came from the public sector.
Here are some of the key findings:
- Nearly three-quarters (73%) of the survey’s respondents said they had a documented incident response procedure.
- 84% of respondents said they had the technical capability to investigate critical security incidents when they occur.
- Asked to choose from a list of capabilities within their organisation, 35% said they had an insourced or outsourced SOC, 27% had Security Information and Event Management (SIEM) and 23% had MDR.
- Just over half (51%) of respondents said their SOC was run within the organisation and they were happy with its progress and maturity. Just over a third (37%) said their SOC/MDR was outsourced and they were happy with the service. 7% said their SOC/MDR was outsourced and they weren't happy with the service, and 5% said their SOC was run within the organisation and they weren't happy with its progress or maturity.
- While 49% of respondents were happy with their SOC/MDR provider, the main pain points of outsourced SOC/MDR were ranked as follows: the reporting doesn't illustrate the business value (37%), the cost of log sources (charged by log volume or events per second) is prohibitive (28%) and being sent too many alerts (23%).
- Respondents whose SOC/MDR provided 24/7 monitoring were asked whether they themselves were equipped to handle after-hours incidents. Only 38% said they were.
- 39% of respondents said they would rather outsource their SOC than build their own. The majority (61%) said they would consider building their own SOC because outsourcing would be too costly (26%), because they couldn't rely on a third party to respond to these types of security incidents (21%) or because they didn't outsource anything (14%).
- Respondents who are building their cyber security capability were asked to rank technology investments in order of priority. Security Orchestration, Automation and Response (SOAR) headed the list, followed by Managed Detection and Response (MDR), a Security Operations Centre (SOC), Cross-layered Detection and Response (XDR), Network Detection and Response (NDR, passive network monitoring) and Endpoint Detection and Response (EDR).
- Integrated remediation or managed security services ranked top of the list of attractive value-adds that a SOC/MDR provider could offer, selected by 68% of respondents. Close behind, at 66%, was visibility of the threats to the organisation's defences, followed by analyst-driven threat hunting (56%) and passive network monitoring (32%).
- 58% of respondents said that threat hunting was absolutely necessary in a SOC/MDR solution, while the remaining 42% would like to see this function automated.
- Nearly half of respondents (48%) felt that AI was absolutely necessary in a SOC/MDR solution, 42% said it has its place and 10% felt that AI wasn’t capable yet.