Research: Security Analysts Say SOC Turnover is on the Rise
CriticalStart, a Plano, Texas-based provider of Managed Detection and Response (MDR) services, has published new research revealing that Security Operations Center (SOC) analysts continue to face an overwhelming number of alerts each day that are taking longer to investigate. A growing number of these SOC analysts have come to believe that their primary job is simply to “reduce the time it takes to investigate alerts,” according to the report, which also states this phenomenon may also be a contributing factor to analyst churn.
The company’s second annual report, entitled “The Impact of Security Alert Overload,” surveyed SOC professionals across enterprises, MSSPs, and MDR providers to evaluate the state of incident response within SOCs from a variety of perspectives, including alert volume and management, business models, customer communications as well as SOC analyst training and turnover.
The survey also found that 70 percent of respondents investigate 10+ alerts each day (up from 45 percent last year) while 78 percent state that it takes 10+ minutes to investigate each alert (up from 64 percent last year). In addition, false-positives remain a struggle, with nearly half of respondents reporting a false-positive rate of 50 percent or higher, almost identical to last year.
With this volume of alerts, 38 percent say their SOC either tries to hire more analysts or turn off high-volume alerting features deemed too noisy, both up significantly from last year. The number of respondents that feel their main job responsibility is to analyze and remediate security threats has dropped dramatically from 70 percent down to 41 percent, as analysts increasingly believe their role is to reduce alert investigation time or the volume of alerts.
Nearly half of respondents say they get 20 or fewer hours of training per year.
“The research reflects what we are seeing in the industry – as SOCs get overwhelmed with alerts, they begin to ignore low to medium priority alerts, turn off or tune out noisy security applications, and try to hire more bodies in a futile attempt to keep up,” said Rob Davis, CEO at CriticalStart. “Combine that stressful work environment with no training and it becomes clear why SOC analyst churn rates are so high, which only results in enterprises being more exposed to risk and security threats.”
The data suggests that the industry needs to take a renewed focus on managing alerts, investigation time, and the volume of false-positives.
Equinix and VMware Partner to Accelerate Enterprise Hybrid Cloud Transformations
Equinix, Inc., a global interconnection and data center company, has announced an expanded partnership with VMware to support VMware Cloud on Dell EMC on its Platform Equinix offering. The two companies are teaming up to develop solutions to help enterprises accelerate hybrid cloud transformations based on VMware Cloud on Dell EMC within Equinix International Business Exchange (IBX) data centers. VMware will also support Equinix as a global colocation provider for VMware Cloud on Dell EMC.
Direct and private connectivity to strategic cloud service providers is essential as digital transformation fuels higher demand for localized digital services at the edge.
“The industry’s rapid adoption of hybrid cloud architectures for enterprise IT infrastructure is enabling higher levels of agility, security and availability than ever before,” said VMWare CEO Pat Gelsinger. “Equinix and VMware have been partners for several years, serving a majority of Global 2000 joint customers. Our newly expanded partnership will enable our mutual customers to gain the benefit of the Equinix enterprise capabilities and the world-class VMware Cloud on Dell EMC solution.”
“By working together to offer hybrid cloud services, Equinix and VMware look forward to delivering the digital foundation for enterprise transformations in a cloud-first world,” said Equinix CEO Charles Meyers. “Together with VMware, we are reinventing hybrid cloud infrastructures based on the breakthrough VMware Cloud on Dell EMC service to deliver against today’s security, performance and availability requirements.”
Equinix operates data centers in Atlanta, Boston, Chicago, Dallas, Denver, Los Angeles, Miami, New York, Philadelphia, Seattle, Silicon Valley and Washington D.C.
Enterprises must focus on ensuring the availability, performance, security and reliability of a massive set of applications while operating in a cost-effective and scalable manner. This expanded collaboration is expected to help customers simplify complex hybrid multicloud deployments, and accelerate their digital transformation in public cloud and edge deployments.
Quantum Adds New Program Enhancements
In an effort to support ease of doing business, Quantum Corp. has rolled out a new deal registration program, enhanced channel enablement tools, and a refreshed channel partner portal.
The San Jose-based company specializes in technology and services to help customers capture, create, and share digital content, especially high-resolution video, images, and industrial IoT.
Quantum’s new deal registration application leverages a new network of dropdown menus intended to simplify the deal registration process. Accessed via the Quantum Alliance portal, the application provides a new dashboard to help track sales activity, deal funnel, and wins. The new portal also provides Quantum news, events and press releases, as well as industry and analyst insights, and provides real-time visibility to Quantum social media posts. In addition, the refreshed portal now provides syndicated access to Alliance partner websites.
“As a result of key feedback from my many meetings with our channel partners across the globe, we have evolved our program to better serve their needs and deliver a better experience for our joint customers,” said Elizabeth King, chief revenue officer at Quantum. “These new partner-driven program enhancements are focused on enabling our channel community to expand their success with Quantum and allow them to focus on solving their customers’ most important challenges.”
Quantum also debuted an expanded online training program for sales reps and engineers, organized by vertical market, opportunities and assets, and introduced new training options for in-person training, either conducted at the partner’s site or at another location with other Quantum Alliance partners.
Effective channel programs need to evolve over time, reflecting shifts in market conditions and company strategy, while at the same time promoting ease-of-use.