SANS SOC Survey 2025: What’s holding teams back and how to move forward

The 2025 SANS SOC Survey highlights persistent challenges faced by Security Operations Centers (SOCs) despite evolving technology, such as understaffing, tool sprawl, and inadequate performance metrics. SOCs struggle with staff retention, as many professionals feel unsupported and face high turnover, which weakens security posture. While AI and machine learning tools are being quickly adopted, they often fail to meet expectations due to lack of customization and strategic integration, adding complexity instead of delivering promised insights. Additionally, many SOCs dump data into Security Information and Event Management (SIEM) systems without a clear strategy, leading to inefficiencies in data retrieval and alert management. The survey indicates that SOCs often rely on manual processes for metrics reporting, which is time-consuming and misaligned with business outcomes. To address these issues, the report suggests automating repetitive tasks, customizing AI tools, developing clear data strategies, and aligning metrics with business value to enhance efficiency and impact.