SOC Investment Improves Detection and Response Times, Data Shows

0 Comments

More businesses are investing in their security operations center (SOC) and doubling down on SOC capabilities to fight cyberthreats, helping drive down detection and response times. 

Dark Reading’s 2021 Incident Response Survey polled IT and cybersecurity professionals from more than 20 industries on a variety of issues related to detecting, and responding to, security incidents. This year, a substantially higher percentage of organizations report they have a formal SOC capability and incident response teams of 15 or more staff members.

More respondents this year describe their organization as able to detect most security incidents in near-real time or within minutes. The research found 48% of respondents claim their organizations have the ability to detect potential compromise as soon as one occurs, or within minutes of it happening. Respondents are also confident in their response capabilities: 56% say they remediate most security incidents within minutes or hours of occurrence.

Other highlights of the survey include:

  • 21% of organizations report having a dedicated IR team of 15 or more people, compared with 11% in Dark Reading’s 2020 survey
  • 38% of organizations currently have a SOC; another 12% plan to build one internally
  • 58% of survey respondents say less than 10% of security incidents they have experienced had a significant negative impact on the organization
  • 17% of IT and security leaders surveyed say they are most concerned about credentialed users misusing data, compared with 10% last year.
  • 44% of organizations report they are well connected with the IR teams of business partners, or at least exchange data that might indicate a compromise.

Download the full report here