Gurucul announced the results of a Black Hat USA 2022 security
professionals survey. Respondents indicated that Insider Threats were
the most difficult type of attack for SOC analysts to detect, and that
Behavioral Analytics was the most common piece of technology they felt
was missing and that they planned to add to the SOC in the near future.
The survey also found that a strong majority of respondents feel their
SOC programs are improving, but that they needed more training,
high-level talent in the SOC, better compensation, and more time off.
"Taken
as a whole, these survey results suggest that organizations and
security professionals understand that Insider Threats are a serious
security risk and are working to improve their defenses by adding
technologies like Behavioral Analytics and Network Traffic Analysis,"
said Saryu Nayyar, Gurucul's CEO. "But they're not there yet. Gurucul's
approach to these issues, which we think will help many of these
organizations improve their defenses against Insider Threats, pairs
machine learning behavior profiling with predictive risk-scoring
algorithms to predict, prevent and detect breaches."
Other key findings from the survey include:
- 27% of respondents identified Insider Threats as the most difficult attack to detect - the highest percentage across types.
- More
than 36% of respondents chose Behavioral Analytics as the technology
they are currently missing that would most improve their SOC and more
than 24% plan to invest budget into Behavioral Analytics solutions in
the next year.
- More than 17% of respondents plan to invest in Network Traffic Analysis technology in the next year.
- 82% of security professionals feel their SOC program is improving. Less than 5% said it was actively getting worse.
- Tier
3 SOC Analysts / Threat Hunters are the most in-demand role in the SOC
(chosen by 31% of respondents), followed by Tier 2 Analysts (20%) and
Threat Content Creators (16%).
- 39%
of respondents feel that their organization is investing in enough
training for the SOC, but 31% said they are not and 30% were undecided.
- 35% of analysts need more than two weeks of time off to feel rejuvenated and 28% feel like they deserved a 20% raise.
Survey
responses were collected at Black Hat 2022 and via email in the two
weeks after the show, from security professionals from a wide range of
organizations, sizes and verticals. You may download the survey report
here: https://gurucul.com/resources/whitepapers/2022-black-hat-usa-survey