MSSP companies appear to be missing the mark with customers that have in-house SOCs, according to a new security operations center benchmarking study by Ponemon Institute.
The study, sponsored by Respond Software, a security operations software vendor, surveyed 657 IT and IT security practitioners at organizations with in-house SOCs. The study showed that despite organizations investing heavily in SOCs, results of those investments were largely disappointing. Only 51% of the survey respondents said they were satisfied with their SOC’s effectiveness in detecting cyberattacks. Of the 51% of respondents that said their organization partially or completely outsources its SOC to a managed security service provider (MSSP), only 17% said their MSSP was highly effective, while 42% said rated their MSSP as effective.
More surprisingly, the study found that organizations spend an average of $2.86 million per year on their in-house SOCs. Yet when they outsourced to an MSSP, costs increased to $4.44 million annually — countering the expectation that outsourcing would reduce expenses.
Dan Lamorena, vice president of marketing at Respond Software, based in Mountain View, Calif., said the study suggests MSSP companies would do well to focus more on their customers’ personnel challenges rather than solely the technology. The costs of hiring, training and retaining SOC teams emerged as a key pain point among survey respondents. About half of a SOC budget goes toward personnel, he said.
“I think what we realized is that one of the biggest challenges people have is around people. They can’t hire enough people. … Once you hire them, they leave or they are expecting big pay raises. The cost of constantly keeping up with the people side of the SOC is a big challenge,” Lamorena said.
He noted MSSPs experience many of the same staffing challenges as the organizations polled by the study.
MSSP companies could do more to help customers train and retain SOC teams and ensure their SOC technology is benefiting them, Lamorena added. “We have been selling [customers] SIEM tools, SOAR tools and automation tools, and I think we forgot a lot of the people element of it.”