https://www.channelfutures.com/wp-content/themes/channelfutures_child/assets/images/logo/footer-new-logo.png
  • Home
  • Technologies
    • Back
    • SDN/SD-WAN
    • Cloud
    • RMM/PSA
    • Security
    • Telephony/UC/Collaboration
    • Cable
    • Mobility & Wireless
    • Fiber/Ethernet
    • Data Centers
    • Backup & Disaster Recovery
    • IoT
    • Desktop
    • Artificial Intelligence
    • Analytics
  • Strategy
    • Back
    • Mergers and Acquisitions
    • Channel Research
    • Business Models
    • Distribution
    • Technology Solutions Brokerages
    • Sales & Marketing
    • Best Practices
    • Vertical Markets
    • Regulation & Compliance
  • MSP 501
    • Back
    • Complete 2023 MSP 501 Rankings
    • 2023 MSP 501 50-1
    • 2023 MSP 501 100-51
    • 2023 MSP 501 150-101
    • 2023 MSP 501 200-151
    • 2023 MSP 501 250-201
    • 2023 MSP 501 300-251
    • 2023 MSP 501 350-301
    • 2023 MSP 501 400-351
    • 2023 MSP 501 450-401
    • 2023 MSP 501 501-451
    • NextGen 101 Rankings
  • Intelligence
    • Back
    • Galleries
    • Podcasts
    • From the Industry
    • Reports/Digital Issues
    • Webinars
    • White Papers
  • Channel Futures TV
  • EMEA
  • Channel Chatter
    • Back
    • People on the Move
    • New/Changing Channel Programs
    • New Products & Services
    • Industry Honors
  • Resources
    • Back
    • Channel Futures 20: Top Tech Providers
    • Advisory Boards
    • Industry Organizations
    • Our Sponsors
    • Advertise
    • 2023 Editorial Calendar
  • Awards
    • Back
    • 2023 MSP 501
    • 2023 NextGen 101
    • Channel Influencers
    • Circle of Excellence
    • DE&I 101
    • Technology Advisor 101 (TA 101)
    • Channel Leaders Lists
  • Events
    • Back
    • 2024 CP Expo Call for Speakers
    • Channel Futures Leadership Summit
    • MSP Summit
    • CP Conference & Expo
    • Channel Partners Europe
    • Channel Partners Event Coverage
    • Webinars
    • Industry Events
  • About Us
  • DE&I
Channel Futures
  • NEWSLETTER
  • Home
  • Technologies
    • Back
    • SDN/SD-WAN
    • Cloud
    • RMM/PSA
    • Security
    • Telephony/UC/Collaboration
    • Cable
    • Mobility & Wireless
    • Fiber/Ethernet
    • Data Centers
    • Backup & Disaster Recovery
    • IoT
    • Desktop
    • Artificial Intelligence
    • Analytics
  • Strategy
    • Back
    • Mergers and Acquisitions
    • Channel Research
    • Business Models
    • Distribution
    • Technology Solutions Brokerages
    • Sales & Marketing
    • Best Practices
    • Vertical Markets
    • Regulation & Compliance
  • MSP 501
    • Back
    • Complete 2023 MSP 501 Rankings
    • 2023 MSP 501 50-1
    • 2023 MSP 501 100-51
    • 2023 MSP 501 150-101
    • 2023 MSP 501 200-151
    • 2023 MSP 501 250-201
    • 2023 MSP 501 300-251
    • 2023 MSP 501 350-301
    • 2023 MSP 501 400-351
    • 2023 MSP 501 450-401
    • 2023 MSP 501 501-451
    • NextGen 101 Rankings
  • Intelligence
    • Back
    • Galleries
    • Podcasts
    • From the Industry
    • Reports/Digital Issues
    • Webinars
    • White Papers
  • Channel Futures TV
  • EMEA
  • Channel Chatter
    • Back
    • People on the Move
    • New/Changing Channel Programs
    • New Products & Services
    • Industry Honors
  • Resources
    • Back
    • Channel Futures 20: Top Tech Providers
    • Advisory Boards
    • Industry Organizations
    • Our Sponsors
    • Advertise
    • 2023 Editorial Calendar
  • Awards
    • Back
    • 2023 MSP 501
    • 2023 NextGen 101
    • Channel Influencers
    • Circle of Excellence
    • DE&I 101
    • Technology Advisor 101 (TA 101)
    • Channel Leaders Lists
  • Events
    • Back
    • 2024 CP Expo Call for Speakers
    • Channel Futures Leadership Summit
    • MSP Summit
    • CP Conference & Expo
    • Channel Partners Europe
    • Channel Partners Event Coverage
    • Webinars
    • Industry Events
  • About Us
  • DE&I
    • Newsletter
  • REGISTER
  • MSPs
  • VARs / SIs
  • Agents
  • Cloud Service Providers
  • Channel Partners Events
 Channel Futures

MSSP Insider


Shutterstock

Report Card F

SOC Management Gets Poor Marks, with 42% of MSSPs ‘Completely Ineffective’

  • Written by Edward Gately
  • January 22, 2020
Just like in-house SOCs, MSSPs need to think differently about how they provide security.

A high number of organizations find their investment in security operations centers (SOCs), including those outsourced to MSSPs, to be expensive and yielding mediocre results, according to a new report from the Ponemon Institute and Respond Software.

The report is based on a new survey on the cost and effectiveness of today’s SOC. Ponemon surveyed 637 IT and IT security practitioners in organizations that have a SOC and are knowledgeable about cybersecurity practices in their organizations.

Among the report’s findings:

  • Forty-two percent find their MSSP to be completely ineffective.
  • Organizations spend nearly $2.9 million annually on their in-house SOC.
  • That cost significantly increases to more than $4.4 million annually if they outsource to an MSSP.
  • Sixty-five percent say the time spent hiring and training SOC analysts has a significant impact on the ability for those responsible to complete their other responsibilities.

Chris Triolo, Respond’s vice president of customer success, tells us a few findings “surprised our team.”

Respond Software's Chris Triolo

Respond Software’s Chris Triolo

“Almost half of IT security practitioners (49%) surveyed are dissatisfied with their SOC model (in-house or outsourced) and 44% report the ROI of their SOC is getting worse,” he said. “Part of this dissatisfaction stems from the high cost of MSSPs. Sixty-three percent of those who outsource to an MSSP plan to bring the SOC back in-house or move to another vendor.”

Similar to in-house SOCs, MSSPs still focus on a human-centric “brute force” approach, which is inefficient, Triolo said. There also is high attrition when it comes to SOC employees. It typically takes seven months to hire and train an analyst, but the average tenure afterward is two years, he said.

“MSSPs have limited access to internal IT environments, which prevents broad coverage, and they still deliver high false positive rates with minimal context and remediation capabilities to customers,” he said.

MSSPs can’t operate like they have been, Triolo said. Just like in-house SOCs, they have to think differently about how they provide security monitoring and incident response services, he said.

“While humans will always have an important role in cybersecurity strategy and response, security monitoring is better left to machines,” he said. “The organizations that come to this conclusion too slowly will be left behind, unable to scale their businesses or respond quickly to adversaries.”

There also is improved morale and less turnover associated with freeing up tier-1 security analysts to focus on threat hunting, incident response and other automation projects, Triolo said.

The report does include some encouraging signs, such as 73% of respondents reporting that their SOC is crucial to their security programs, and industries are starting to dedicate more budget toward their SOC.

“This study highlighted many of the challenges and perceptions regarding company SOCs, including the substantial impact and cost of personnel for in-house SOCs,” said Larry Ponemon, chairman and founder of the Ponemon Institute. “Many organizations thus turn to outsourcing, but 58% find their MSSPs to be either ineffective or only moderately effective. This creates a conundrum that suggests a third-way solution is necessary.”

Tags: MSPs Business of Security Endpoint MSSP Insider People and Careers Security

Most Recent


  • Twenty, 20, SD-WAN providers, email security
    CF20: 2023's 20 Top Email Security Providers You Should Know
    Fortinet is here. So is Barracuda. See who else made this prestigious list and why.
  • 21st century technology vision for Oracle Cloud
    The Gately Report: Cybersecurity Fundamental to Oracle's 21st Century Technology Vision
    Plus, Exabeam's CEO weighs in on Cisco's acquisition of Splunk.
  • Cisco acquisition of Splunk gets partner reaction
    Partners Hope Splunk Keeps 'Pace of Innovation' in Cisco Acquisition
    All will be well if Cisco integrates Splunk the way it integrated Meraki, a partner told Channel Futures.
  • Cisco's Splunk acquisition a bombshell
    Cisco's Splunk Acquisition 'True Bombshell Move,' Will Have Massive Impact on Cybersecurity
    The combination should present immediate upsell opportunities.

Leave a comment Cancel reply

-or-

Log in with your Channel Futures account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

Related Content

  • DevSecOps
    ServiceNow, Microsoft Set to Deliver Broad SecOps Integration
  • Dunce Cap Businessman
    Tired of MSSPs ‘Failing,’ Nuspire Debuts Platform to Combat Cyberattacks
  • Malicious hacker at computer with code
    FragAttacks Wi-Fi Vulnerabilities Pose Widespread Threat to Individuals, Businesses
  • Colonial Pipeline Just the Latest Victim in Darkside Ransomware Crime Spree

Upcoming Events

View all

Channel Futures Leadership Summit

October 30, 2023 - November 2, 2023

Channel Partners Conference & Expo

March 11, 2024 - March 14, 2024

Channel Futures Leadership Summit 2024

September 17, 2024 - September 19, 2024

Galleries

View all

CF20: 2023’s 20 Top Email Security Providers You Should Know

September 26, 2023

2023 MSP 501 Channel Disruptors: These Companies Are Shaking Things Up

September 25, 2023

The Gately Report: Cybersecurity Fundamental to Oracle’s 21st Century Technology Vision

September 25, 2023

Industry Perspectives

View all

Partners Balance Multicloud Opportunity, Complexity

September 25, 2023

Why Conversational AI Matters for Your Customers and How It Can Boost Your Revenue

September 15, 2023

The 5 Ds that Lead to Unplanned Business Sales

September 13, 2023

Webinars

View all

MSP 501: Leadership in Cybersecurity

October 19, 2023

DE&I: Find the Balance that Works for You

September 7, 2023

Above and Beyond with the NextGen 101ers

August 30, 2023

White Papers

View all

6 UCaaS Reseller Challenges and How Real World Businesses Solved Them

February 1, 2023

Frost Radar: North American UCaaS Market, 2022

February 1, 2023

The Complete Guide to White-Label UCaaS for Reseller Success

February 1, 2023

Channel Futures TV

View all

Coffee with Craig and James Episode 129: ZLH Enterprises

Coffee with Craig and James Episode 128: Channel Partner Strategies Intelligence Service

August 25, 2023

Coffee with Craig and James Episode 127: Expereo, Movie Night Returns

August 18, 2023

Coffee with Craig and James Episode 126: ARG

July 28, 2023

MSP 501

The industry's largest and most comprehensive partner awards program.

Newsletters and Updates

Sign up for The Channel Report, Channel Futures Update, MSP 501 Newsletter and more.

Live Channel Events

Get the latest information on the next industry-leading Channel Partners event.

Galleries

Educational slide shows and images from live events.

Media Kit And Advertising

Want to reach our audience? Access our media kit.

DISCOVER MORE FROM INFORMA TECH

  • Channel Partners Events
  • Telecoms.com
  • MSP 501
  • Black Hat
  • IoT World Today
  • Omdia

WORKING WITH US

  • Contact
  • About Us
  • Advertise
  • Newsletter

FOLLOW Channel Futures ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookie Policy
  • Terms
Copyright © 2023 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X