FireEye , in collaboration with Ponemom Institute , published the research Second Annual Study on the Economics of Security Operations Centers: What is the True Cost for Effective Results ?, from which a lot of data emerges significant: the management costs of the Security Operations Centers are growing, but the return s The perceived investment (ROI) is constantly decreasing . The causes are to be found in the growing complexity and ever higher costs.

Rising costs, decreasing perceived returns: the point on the situation of the Security Operations Centers

The FireEye report highlights a growing complexity and, above all, an increase in the costs of SOC, the Security Operations Centers , which offer services for the security of IT systems. Not only does the cost of internal SOCs increase, but also of their management when outsourced. A problem that could also be acceptable, given the strategic importance of these solutions for cybersecurity, but the issue that worries is another: companies do not see a return on these investments. The companies taken in the sample declared an average expenditure close to $ 3 million (2. 716. 514, to be precise) for this type of solution, but satisfaction is low: only the 51% of respondents consider these efforts effective.

The situation is even more complex for those who managed these outsourced solutions: the costs for monitoring services by the Managed Security Service Provider (MSSP) increase by 20% on an annual basis, with an average cost in the 2020 of 5. 307. 205 annual dollars (in the 2019 were 4. 441. 500 dollars ). Costs that are partly justified by the increased complexity of these solutions: the 80% of the sample believe that they are particularly complicated solutions to use and manage.

What is falling is the state of mind of the employees, who blame the increase in workload and stress, also due to the fact that they must always be available in case of emergency. Salary increases, passed from an average of 102. 000 annual dollars of 2019 to 110. 000 in 2020, were not enough to improve the situation. Turnover is also worrying: despite the fact that companies plan to hire 5 analysts a year, on average, it is estimated that each company sees the abandonment of 3 experts, who will resign or will not be confirmed.

The solution to the problem exists: invest in XDR and automation

According to the FireEye report, companies are trying to overcome these problems by increasing the budgets dedicated to security automation systems and XDR solutions (Extended Detection and Response): the companies interviewed intend to spend on average 333. 150 dollars for the XDR, 345. 150 dollars for the SOAR (Security Orchestration, Automation, and Response) , 285. 150 dollars for the MDR and 183. 150 dollars for SIEM ( Security information and event management). Solutions that will complement the SOCs, not replace them, since they are still considered essential by the 80% of companies, since they help them minimize false positive reports and automate certain operations by leveraging machine learning.

“ The results of Ponemon’s Economics of the SOC report show that organizations are facing a significant increase in costs from their security operations divisions and despite having made more investments, they are still dissatisfied with their capacity to fight the growing cyber threats “- commented Chris Triolo, Vice President of FireEye Customer Success – “ Many security teams are now looking for new technologies capable of providing greater efficiency and visibility, reducing the number of alarms and eliminating the most trivial activities so as to also improve the quality of the analysts’ work and consequently their mood “.