<p>Security Operations Center analysts stand on the front lines between their organizations and countless cyberthreats. How effectively an analyst reacts to any given security alert could mean the difference between a contained, minor incident and a full-on data breach.</p>
<p>Too often, however, SOC analysts suffer from poor workflows, outdated tools and overwhelming workloads. The resulting burnout fuels high turnover — something organizations can’t afford, given the <a href="https://www.techtarget.com/searchsecurity/tip/Cybersecurity-skills-gap-Why-it-exists-and-how-to-address-it">cybersecurity talent shortage</a>. Worse, these conditions create environments where security incidents go undetected or take longer to contain. For CISOs, improving analysts’ working conditions is a security imperative that directly impacts organizational risk.</p>
<section class="section main-article-chapter" data-menu-title="Why analyst experience matters in the SOC — and beyond">
<h2 class="section-title"><i class="icon" data-icon="1"></i>Why analyst experience matters in the SOC — and beyond</h2>
<p>Forrester first <a target="_blank" href="https://www.forrester.com/blogs/announcing-analyst-experience-soc-analysts-finally-escape-the-shackles-of-bad-ux/" rel="noopener">coined the term</a> “analyst experience,” or AX, with analysts Allie Mellen and Jeff Pollard defining it as, “Security analysts’ perception of their interactions with a particular security product, service and process across various workstreams.”</p>
<p>Organizations, Mellen and Pollard noted, rely on analysts to recognize, classify, investigate and respond to cyberthreats that pose enormous risk to their organizations. Tools in the SOC, however, often fail to reflect the importance of their work. Siloed data, clunky integrations and poorly functioning user interfaces, they argued, make it unnecessarily challenging and unpleasant for analysts to do their jobs.</p>
<p>“Security teams are regularly forced into a reactive state by too many alerts, too little time and a fragmented security stack, leading to increased employee stress and burnout,” agreed Nicole Carignan, field CISO and senior vice president of security and AI strategy at Darktrace, a multinational cybersecurity firm based in Cambridge, England.</p>
<p>Consequences of neglecting the security analyst experience in the SOC include the following, according to experts and practitioners.</p>
<h3>Talent attrition</h3>
<p>Most, if not all, CISOs have grappled with <a href="https://www.techtarget.com/searchsecurity/tip/Cybersecurity-skills-gap-Why-it-exists-and-how-to-address-it">understaffing in the SOC</a> — a chronic problem that poor analyst experience makes worse. “Many organizations struggle to provide a good AX, which leads analysts to burn out or look for a role elsewhere,” Mellen said.</p>
<p>When unhappy analysts do inevitably quit, remaining team members inherit heavier workloads, further fueling problems and creating a vicious cycle.</p>
<h3>Compounding coverage gaps</h3>
<p>The effects of talent attrition compound over time. When an organization loses a trained analyst, it also loses months of domain understanding and muscle memory, said Heath Renfrow, co-founder and CISO at cyber disaster recovery firm Fenix24, based in Chattanooga, Tenn.</p>
<p>“That churn creates gaps in coverage, slower response times and greater risk during <a href="https://www.techtarget.com/searchsecurity/feature/10-types-of-security-incidents-and-how-to-handle-them">critical incidents</a>,” Renfrow added. “At scale, it becomes a vicious cycle: overworked teams make more mistakes, which increases pressure, which drives more attrition.”</p>
<p>For many, the emotional and mental toll quickly becomes untenable, according to Tom Levi, field CISO and director of cyber-risk strategy at CYE, a cybersecurity company based in Herzliya, Israel. “When there are staffing shortages in addition to the fear of getting something wrong, it becomes emotionally exhausting work that cannot be sustained long-term,” he said.</p>
<h3>Incident outcomes</h3>
<p>Poor analyst experience can lead to worse outcomes during <a href="https://www.techtarget.com/searchsecurity/definition/incident-response">security incidents</a>, according to Mellen. “Analysts who don’t have the information they need for investigation are not able to respond as quickly and effectively,” she said. “They also may spend excessive amounts of time chasing false positives, which prevents them from investigating true incidents.”</p>
<h3>Operational impact</h3>
<p>Poor analyst experience creates operational drag. When analysts must contend with cumbersome tooling, alert n
[…]