SANS 2025 SOC Survey Exposes Critical Gaps in Data Strategy

85% of analysts say endpoint alerts drive response, yet 42% of SOCs lack a structured plan for incoming data

The SANS Institute’s newly released 2025 Global SOC Survey underscores a troubling disconnect in Security Operations Centers (SOCs) worldwide. While 85% of SOC analysts identify endpoint alerts as the primary trigger for incident response, 42% of SOCs admit to dumping all incoming data into SIEM platforms without a defined strategy for retrieval or analysis.

The report—considered one of the industry’s most comprehensive vendor-neutral benchmarks—draws insights from thousands of practitioners across the globe and reveals both the strengths and shortcomings of modern SOCs as they adapt to 24/7 operations, AI-driven tooling, and hybrid work environments.

“SOCs are the backbone of modern cyber defense, but many remain overwhelmed and under-resourced,” said Christopher Crowley, Certified Instructor at SANS Institute and lead author of the survey.

Key takeaways from the 2025 survey include:

  • 82% of SOCs report operating 24/7.
  • 85% of analysts rely primarily on endpoint alerts to initiate response.
  • 73% of SOCs allow some degree of remote work for personnel.
  • 42% of organizations lack a structured data management strategy, relying on raw ingestion into SIEMs.
  • 42% of SOCs use AI/ML tools in an out-of-the-box mode without customization.

Crowley warned that technology without investment is a recipe for failure:

“If company leadership isn’t prepared to fully commit the resources to make a tool effective, it would be better not to deploy it at all. A shiny new technology requires budget, training, time, and workflow integration.”

The report also provides a framework for evaluating SOC maturity based on capabilities, architecture, staffing, and the mix of in-house versus outsourced functions. This benchmarking is expected to help security leaders identify where their SOCs stand relative to peers and where investments are most urgently needed.