New SOC Research Reveals Security Teams Overconfident in Detecting Cyberthreats, Not Focused on Threat Dwell Time

Exabeam’s ‘2020 State of the SOC Report’ also reveals 40% of companies struggle with staff shortages and a security skills gap

FOSTER CITY, Calif.--()--Exabeam, the Smarter SIEM™ company, today released its annual ‘2020 State of the SOC Report,’ examining the processes and effectiveness of corporate security operations centers (SOCs). This year’s study reveals that 82% of SOCs are confident in the ability to detect cyberthreats, despite just 22% of frontline workers tracking mean time to detection (MTTD), which helps determine hacker dwell time. Compounding this unfounded confidence, 40% of organizations still struggle with SOC staff shortages and finding qualified people to fill the cybersecurity skills gap.

The survey, conducted among 295 respondents across the U.S., the U.K., Canada, Germany and Australia, was also fielded to determine how analysts and SOC management view key aspects of their operations, hiring and staffing, retention, technologies, training and funding.

“From 2018-2019, we learned that dwell time - or, the time between when a compromise first occurs and when it is first detected - has grown. Based on this, it is surprising for SOCs to report such inflated confidence in detecting cyberthreats,” said Steve Moore, chief security strategist at Exabeam. “We see great progress in the SOC with attention paid to employee well-being, measures for better communication and more. However, disparate perceptions of the SOCs’ effectiveness could be dangerously interpreted by the C-suite as assurances that the company is well-protected and secure, when it’s not.”

Highlighting the imbalance is that SOC leaders and frontline analysts do not agree on the most common threats facing the organization. SOC leaders believe that phishing and supply chain vulnerabilities are more important issues, while analysts see DDoS attacks and ransomware as greater threats.

Technology Trends

Small- and medium-sized teams especially are more concerned with downtime or business outage (50%) over threat hunting as an operational metric, yet threat hunting stands out as a must-have hard skill (61%). Other prominent findings include:

  • SOC outsourcing in the U.S. has declined YoY (36% to 28%)
  • U.K. outsourcing had a YoY increase (36% to 47%)
  • Germany reported 47% outsourcing, primarily of threat intelligence services
  • Australian SOCs struggle in most categories and need improvement in technology updates, monitoring events and responding to/analyzing incidents

In general, monitoring and analytics, access management and logging are higher priorities this year for all SOC roles.

  • More than half of SOCs were found to log at least 40% of events in a SIEM
  • The U.K. utilizes logging the most, compared with geographic counterparts
  • SOCs are least able (35%) to create content, the skill around the creation of detection logic, validation, tuning and reporting

To support this, most SOCs expect to see security orchestration, automation and response (SOAR) tools take precedence over other technologies in upcoming years.

Staffing Trends

The U.S. and the U.K. SOCs have shown YoY improvements in recruiting costs and identifying candidates with the right expertise. Workplace benefits, high wages and a positive culture were this year’s top drivers for retention in nearly 60% of SOCs. Notably, there remain challenges:

  • 23% of SOC personnel across the U.S. and 35% across Canada report being understaffed by more than 10 employees
  • 64% of frontline employees in the SOC reported a lack of career path as a reason for leaving jobs
  • Less effective SOCs reported feeling they lacked the necessary investment in technology, training and staffing to do their jobs well

For more information, or to download the full report, please visit

About Exabeam

Exabeam is the Smarter SIEM™ company. We help security operations and insider threat teams work smarter, allowing them to detect, investigate and respond to cyberattacks in 51 percent less time. Security organizations no longer have to live with excessive logging fees, missed distributed attacks and unknown threats, or manual investigations and remediation. With the modular Exabeam Security Management Platform, analysts can collect unlimited log data, use behavioral analytics to detect attacks, and automate incident response, both on-premise and in the cloud. Exabeam Smart Timelines, sequences of user and device behavior created using machine learning, further reduce the time and specialization required to detect attacker tactics, techniques, and procedures. For more information, visit

Exabeam, the Exabeam logo, Threat Hunter, Smarter SIEM, Smart Timelines and Security Management Platform are service marks, trademarks or registered marks of Exabeam, Inc. in the United States and other countries. All other brand names, product names, or trademarks belong to their respective owners. © 2020 Exabeam, Inc. All rights reserved.


Touchdown PR for Exabeam
Alyssa Pallotti

Release Summary

Exabeam today released its annual '2020 State of the SOC Report.'


Touchdown PR for Exabeam
Alyssa Pallotti