Amid complexity and noise, security teams are burning out, and data shows it is not getting any better. Sophos research reveals that, globally, 93% of organizations find the execution of some essential security operation tasks, such as threat hunting, challenging. These challenges also include understanding how an attack happened, with 75% of respondents stating they have challenges identifying the root cause of an incident.
The research shows the intensity of what defenders are up against: 52% of organizations surveyed said that cyberthreats are now too advanced for their organization to deal with on their own. Cyberthreats are also taking valuable time away from teams, as 64% said they wish the IT team could spend more time on strategic issues and less time on firefighting, and 55% said time spent on cyberthreats has impacted the IT team’s work on other projects.
The complicated landscape teams face today is due to constant innovation by criminals, as well as constant noise coming from the tools defenders rely on, according to Sally Adam, senior director at Sophos.
“There are a number of things that are all going on, which is creating this perfect storm,” said Adam. “We’ve got adversaries who are very well funded who are continuing to innovate. They are constantly coming up with new approaches, and frankly teams are struggling to keep up with that alongside everything else that they have to do. At the same time, we’ve got security tools that can be very noisy. They’re generating a large volume of alerts. So, you’ve got teams that are getting alert overload.”
As a result, many organizations are stuck in reactive mode, struggling to stay on top of defense.
“All of this noise is very disruptive to the flow of work,” said Adam. “It’s preventing teams from actually taking a step back and saying, ‘OK, what’s the root cause? What are the bigger picture things we need to do?’”
An outsourced approach to security can help burned-out SOC teams
The answer for many security teams that are stressed, behind, and burned out is an outsourced approach to handling SecOps, said Adam.
“You get a level of expertise both in threats and in using the security tools that is almost impossible to replicate in house,” said Adam. “Bringing in expertise means they can deal with threats far more quickly, far more effectively, and far more efficiently than an in-house only team because they have specialist expertise and have also worked with other organizations in similar circumstances.”
Working with an outsourced specialist also provides 24/7 coverage, an advantage many smaller organizations with limited staff may not have. And they often have emerging technology expertise that may not be found in house because of their work with many different types of customers.
Free of the need to constantly fight fires in the security operations center, teams have more time to focus on business critical tasks. Learn how Sophos can provide you with the managed security your organization needs by visiting https://www.sophos.com/en-us/products/managed-detection-and-response.