Vectra AI surveyed 119 SOC professionals to find out how they spend their day-to-day.
As organizations grow bigger and their environments expand to a mixture of on-premises and cloud, the day-to-day of a SOC professional becomes more complex. To understand how SOC professionals are spending their time each day, we surveyed over 100 professionals – and found that SOC professionals are spending an overwhelming amount of time and talent on parts of their jobs that can be outsourced and automated.
Top 5 tasks SOC professionals perform daily
SOC professionals do many things within their day, but in this survey, we narrowed it down to 5 main tasks:
-
Configuring security posture, including identifying threats, building alerts, and triaging filters
-
Tuning rules
-
Managing alerts
-
Investigating false positives
-
Creating reports
Obviously the day-to-day of each SOC professional can look very different depending on their assigned responsibilities and specific roles however, for simplicity's sake, we focused on these 5 tasks for our survey.
SOC Professionals' 10-Hour Workday: Key Insights
SOC professionals are most likely working 10 hours a day, if not more. We came to this conclusion because the results from the survey suggest that SOC professionals are spending, on average, over 8 hours a day on the 5 security tasks we outlined. Specifically, they are spending 8.7 hours a day within a 5-person SOC team. Considering the typical 8-hour workday of an average corporate employee in the US, SOC professionals are already working more than the typical workday by nearly an hour – and that’s only on the 5 SOC tasks outlined. That doesn’t cover administrative tasks, meetings, and other security-related projects.
SOC professionals are mostly spending their workday managing alerts at an average of 2.56 hours per day. This makes sense as the bulk of their jobs involve securing their organizations from incoming threats. The surprising point is that the next most time-consuming task – investigating false positives which takes up 1.83 hours per day on average. This is nearly 2 hours a day of looking at alerts that end up not being threats at all. Those almost 2 hours could have been dedicated to beefing up security elsewhere in the organization, achieving certifications for business-critical security processes, or even a long, well-deserved lunch break.
Offload, optimize, and automate SOC work with Vectra AI
What we say from this survey is that the current day-to-day for SOC professionals does not need to be that way.
This is where the Vectra AI Platform with its AI-driven integrated signal and seasoned MXDR experts can help today’s SOC professionals offload those precious hours and talents on managing alerts, configuring policies, and investigating false positives. With Vectra MXDR and the Vectra AI Platform, SOC professionals can get coverage, clarity, and control on their security programs without having to sacrifice more time and talent, opening opportunities for them to defend their organization from real threats, build their careers, and mentor other analysts.
Vectra Al is the best find of the NWU company for cyber security of Ukraine
Thanks to the NWU company, which is the official distributor of Vectra Al in Ukraine, you can now buy NDR (Network Detection and Response) from the world leader of the domestic IT market, which is an integral part of the SOC triad.
Vectra AI, Inc. is the leader in hybrid attack detection, investigation and response. The Vectra AI Platform delivers integrated signal across public cloud, SaaS, identity, and data center networks in a single platform. Vectra AI’s patented Attack Signal Intelligence empowers security teams to rapidly detect, prioritize, investigate and stop the most advanced hybrid cyber-attacks. With 35 patents in AI-driven detection and the most vendor references in MITRE D3FEND, organizations worldwide rely on the Vectra AI Platform and MDR services to move at the speed and scale of hybrid attackers.
Buy NDR for SOC or order for testing
Products Vectra