Do SOC Teams have the Certainty they need to do their jobs?

By Adeline Chan, Product Marketing Manager, Threat Prevention

The Security Operations Center (SOC) is often all that stands between an organization and a potentially financially devastating data breach. However, 98% of SOC teams face significant challenges in their mission to detect and shut down attacks. For many SOC teams, finding malicious activity inside today’s complex networks is like finding a needle in a haystack. The result: critical attacks are missed until it’s too late.

Read more to learn about the top three challenges of the SOC. Sign up for the webinar on July 7th to find out how Check Point’s new offering enables SOC teams to achieve the certainty they need to do their jobs.

The importance of the SOC

With the evolving cyber threat landscape, it is no surprise that Security Operations Centers (SOC) are an increasingly important part of organizations’ efforts to keep ahead of the latest cybersecurity threats. Although the staff size of SOC teams vary depending on the size of the organization and the industry, most have roughly the same roles and responsibilities. A SOC is a centralized function within an organization that employs people, processes, and technology to continuously monitor and improve an organization’s security posture while preventing, detecting, analyzing, and responding to cybersecurity incidents.

More often than not, the SOC is often all that stands between an organization and a potentially financially devastating data breach.

Top Three Challenges of Every SOC

SOC teams must always stay one step ahead of attackers. Exposing, validating, and shutting down malicious activity in an organization’s environment have become extremely difficult due to the evolving threat landscape and challenges SOC teams face. Based on a recent survey1, 98% of SOC teams reported facing challenges.

The following are the top three challenges that every SOC team faces:

Shortage of cybersecurity skills: In the same survey1, 53% of SOCs are having difficulties hiring skilled personnel. This means that many SOC teams are understaffed and lack the advanced skills necessary to identify and respond to threats in a timely and effective manner. The (ISC)² Workforce Study2 estimated that the cybersecurity workforce needs to grow by 145% to close the skills gap and better defend organizations worldwide.

The massive shortage of skilled security professionals places organizations impacted by the shortage at a higher risk of cyberattacks. Due to staffing shortages, security teams often pursue only the most obvious incidents allowing other incidents that appear innocuous to get overlooked or de-prioritized.

Too many alerts: Many SOC teams utilize multiple disjointed security point tools to help make up for the shortage of staff. This myriad of security point tools work independently from the other, each generating their own alerts. The volume of security alerts continue to grow as more tools are added. The average SOC receives 10,000 alerts[1] each day from the different tools used.

With security teams today already inundated with work, the overwhelming number of alerts can cause alert fatigue. In addition, many of these alerts do not provide sufficient intelligence, context to investigate, or are false positives. False positives not only drain time and resources, but can also distract teams from real incidents.

Operational Overhead: The assortment of disconnected security tools also means that security personnel must translate security alerts and policies between environments, leading to costly, complex, and inefficient security operations.

When the SOC misses an attack

In February this year, a European bank with €1.1B revenue and 5,000 employees had to seek help from Check Point’s Incident Response Team (CPIRT) because of an outbreak of Ryuk ransomware. The ransomware caused 500 systems in the bank to go down, crippling the bank’s operations globally.

Even though the bank had a SOC team, the team had missed the attack, which started with a spear-phishing email. This led to a Trickbot Trojan infection that moved laterally within the bank’s network, infecting 500 hosts. The attackers then use Trickbot to deploy the Ryuk ransomware.

All of this could be avoided if the bank’s SOC team had a solution that enabled the team to quickly and accurately find and shut down attacks before the damage spreads.

Solving SOC Challenges

On July 7th, we will introduce Check Point Infinity SOC, a cloud-based platform designed to address SOC challenges and help SOC teams to achieve the certainty they need to do their jobs.

Join our webinar on July 7 to learn more.

Register now for a session that fits your schedule:


[1] Security Analysts Are Only Human, Dark Reading 2/21/2019