The State of SOC and Planning for 2023

Just like the threats we face, our industry is always changing and growing. That’s why I recently had the pleasure of hosting a webinar with my former Forrester Research colleague, Joseph Blankenship (or JB, as I like to call him), discussing “The Current State and Future Trends of Security Operations.”

During the webinar, we had a frank, open conversation about JB’s perspectives on security operations, including:

  • The state of SOC and its current challenges
  • Setting and achieving priorities for the SOC
  • Trends and SOC planning for 2023

In this blog, I’ve captured some key areas we discussed, including links to additional research.

Current and Perennial Problems in the SOC

We broke down some of the critical challenges the SOC faces today, which are some of the same issues we’ve faced for years, including:

  • Measuring performance: Most SOC measurements are very activity-oriented, JB says, and usually just tally the number of events and investigations analysts have handled. This kind of information is helpful background but doesn’t communicate the full story of how a security team is impacting the business. Teams need comprehensive, digestible cybersecurity metrics to communicate effectively.
  • Dealing with the talent and skills gap: Ever a popular topic, the talent gap is a real problem. JB talks to lots of companies who are contemplating building out their own SOC. Unfortunately, these companies are finding that there isn’t enough talent out there to actually staff their SOC.
  • Aligning to the business: The SOC can sometimes act as a silo, “sequestered away” from the goals of the business, as JB put it.
  • Managing complexity: There’s a perfect storm around the complexity of the environments we are defending and the overwhelming threat landscape. If you want a resilient environment, reducing complexity, increasing visibility, and managing risk are critical to your security operations.

What’s Important to the SOC Right Now?

Current SOC priorities are largely attempts to answer the problems listed above. JB and I discussed the following as the top priorities of the SOC:

  • Communicating to the board: Answering the dreaded “What would you say you do here?” question is top of mind for SOC teams. Justifying spend and showing results will continue to be a priority in 2023. How can we show that we’ve improved security maturity, or how much faster have we gotten at responding to threats? Are we ahead of or behind our industry peers?
  • Automating more: Context switching and manual work are bogging down security teams. As much as we love Excel, it’s time to get away from copy-and-paste and automate away those tasks. Automation can also help existing staff feel better about their jobs by allowing them to focus on higher-priority issues.
  • Up-leveling existing staff: We discussed how important it is to have a succession plan in place to preserve tribal knowledge and educate current and new staff.
  • Finding new staff: More and more companies are finding that there aren’t enough people out there to staff a full internal SOC. In light of that, we discussed focusing your resources on what you need to be good at and how to partner with a service provider to complement your security operations strategy. Partner is a key word here. “Security services are not an easy button,” JB says. So, if your company leverages managed services, remember that it is a partnership, and you must be committed.
  • Getting business buy-in: The security team is a key enabler of the business, powering digital transformation and product launches, ultimately generating revenue for the company. The SOC needs to find clarity on what exactly they are doing to support the business and how it fits into the broader goals of the company.

SOC Planning for 2023

Next, we discussed how SOC teams should prioritize their strategy for next year based on four factors:

  • New tool or native implementation
  • Cost
  • Ease of implementation
  • Impact on reducing the threat

We tend to focus on the cost element, JB says, but it’s critical to balance that against the other factors.

On the tool side, companies often believe they need to invest in a new tool to address a specific problem but forget to analyze the tools already in their tech stack. They often already have the technologies they need, or sometimes find overlap they can clean up to reclaim budget. (During this part of the conversation, I brought up a Forrester Research blog I wrote that discussed the concept and pitfalls of “Expense in Depth” and why buying a new tool might not always be the correct choice.)

Finally, we discussed 2023 budget planning and how to plan for the economic downturn and potential recession. You’re going to get some difficult questions, so prepare to defend your budget. Planning your budget with these issues in mind can prevent unpleasant surprises from your CFO.

Wrapping Up

Many thanks to JB for joining us for this webinar. It is always great to hear what industry analysts say, and I appreciate JB’s connecting with us and sharing his knowledge. You can “like and subscribe” to Joseph via his social accounts here: LinkedIn and Twitter.

Want to watch the full conversation? Access the webinar here.