A recent survey of 250 senior IT leaders suggests that when it comes to cybersecurity, organizations are reluctant to completely outsource the management of their security operations centers (SOCs). The State of SOAR Report 2018 survey was conducted by Virtual Intelligence Briefing on behalf of Demisto, a provider of a security orchestration, automation, and response (SOAR) platform. Instead of outsourcing completely, just under half of survey respondents (48 percent) said they rely on external service providers to either augment their internal IT teams or partially outsource a specific security function. That compares to under two percent that have fully outsourced security operations and 51 percent of respondents that continue to prefer to rely on their internal IT teams.
The paradox that becomes apparent in this survey is that most organizations continue to rely on internal IT to address cybersecurity issues even though they are investigating more than 12,000 alerts every week. Not surprisingly, the biggest cybersecurity pain point cited by respondents (69 percent) was the number of false positives that multiple IT security tools generate. The next two cybersecurity pain points cited were the number of alerts being generated (46 percent) and the cost of labor required to operate those tools (42 percent).
That labor issue is being exacerbated by fierce competition for IT security talent. A total of 70 percent admitted retaining cybersecurity expertise is a challenge. The primary reason most employees leave is to attain a higher salary (65 percent). The report finds a quarter of employees leave within two years and that 67 percent of employees leave in three to four years. That’s problematic because it often takes months to hire replacements and, on average, it takes more than eight months to properly train them.
The average time to respond to a security incident is 4.35 days, which is largely due to the number of alerts being generated, combined with a lack of personnel available.
The Demisto report concludes that given the untenable nature of this situation, it’s only a matter of time before more organizations invest in SOAR platforms. A full 70 percent of respondents say SOAR tools would be beneficial for automating response, especially when it comes to threat hunting (62 percent).
The MSP challenge and opportunity
The challenge and opportunity for MSPs is to convince IT leaders that their trust would be better placed in them to achieve their goals. Automation doesn’t just magically happen. Organizations need to first find a way to pay for the platform employed to automate security operations and then over an extended amount of time, they need to realign their cybersecurity processes. MSPs that invest in automation platforms in effect amortize the cost of acquiring an automation platform using best-in-class processes that are already tested and well defined.
Of course, the biggest issue most MSPs will need to overcome when making that case is often the pride of the internal IT department. Even though it’s clear most internal IT organizations are severely outclassed by their cybersecurity adversaries, many of them labor under the mistaken belief that any admission or need for help is a sign of weakness that will eventually lead to them being replaced by an external service provider.
The truth of the matter is that most internal IT teams have better things to do than chase down security alerts. The real issue is not only finding a way to get internal IT teams to appreciate that simple fact, but also gently reminding them that cybersecurity pride still goeth before the inevitable fall.