Kaspersky Report Highlights 57% SOC Blind Spot in Enterprise Cybersecurity

A new global report from Kaspersky Security Services, “Anatomy of a Cyber World,” reveals a critical blind spot in enterprise Security Operations Centers (SOCs): organizations primarily measure performance through speed-based metrics while overlooking whether they are actually detecting the right threats.
According to the report, SOC effectiveness is still largely evaluated using traditional indicators such as mean time to detect (MTTD) and mean time to respond (MTTR). These metrics, however, fail to reflect a deeper issue: whether detection systems adequately cover the most relevant attack surfaces.
Kaspersky’s findings show that, on average, SOCs achieve only 43% correlation rule coverage across collected data sources. This means more than half of ingested telemetry is not actively used for real-time threat detection and remains limited to retrospective analysis, compliance, or threat hunting activities.
The gap becomes more pronounced in larger environments. SOCs managing high data volumes typically cover only around 30% of their sources with active detection logic. Critical infrastructure such as network traffic, databases, and web servers is often left partially or fully unmonitored in real time, creating hidden security risks.
The report also highlights inconsistent detection strategies across organizations. Nearly 50% of SOCs rely heavily on vendor-provided rules, while about 40% build custom detection logic internally. Both approaches present challenges, including false positives, tuning limitations, and coverage gaps.
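The coverage metric the report describes, correlation rule coverage across ingested data sources, can be computed from a SOC's own inventory of log sources and detection rules. The script below is an added example, not code from Kaspersky or the report; its source names, event volumes and rule names are constructed, and it measures coverage both by source count and by event volume, since a few high-volume sources left without rules (the pattern the report attributes to large environments) can leave volume coverage far below source coverage.

```python
# Correlation-rule coverage of ingested data sources; inventory below is constructed, not from the report.
from dataclasses import dataclass

# Source types the report names as often unmonitored in real time.
CRITICAL_SOURCES = {"network_traffic", "database", "web_server"}

@dataclass
class DataSource:
    name: str
    events_per_day: int  # ingested volume (constructed figures)

@dataclass
class CorrelationRule:
    name: str
    sources: set  # data sources the rule's detection logic reads
    enabled: bool = True

def sources_used(rules):
    """Sources read by at least one enabled rule; disabled rules add nothing."""
    return set().union(*(r.sources for r in rules if r.enabled))

def coverage(sources, rules):
    """Return (covered fraction by source count, uncovered names, critical gaps)."""
    names = {s.name for s in sources}
    used = sources_used(rules)
    uncovered = sorted(names - used)
    fraction = len(names & used) / len(names) if names else 0.0
    return fraction, uncovered, sorted(set(uncovered) & CRITICAL_SOURCES)

def volume_coverage(sources, rules):
    """Share of ingested event volume that feeds at least one enabled rule."""
    used = sources_used(rules)
    total = sum(s.events_per_day for s in sources)
    hit = sum(s.events_per_day for s in sources if s.name in used)
    return hit / total if total else 0.0

SOURCES = [  # constructed inventory: seven sources, three rules, one rule disabled
    DataSource("windows_security", 4_000_000),
    DataSource("edr", 2_500_000),
    DataSource("firewall", 6_000_000),
    DataSource("network_traffic", 20_000_000),
    DataSource("database", 800_000),
    DataSource("web_server", 5_000_000),
    DataSource("vpn", 300_000),
]
RULES = [
    CorrelationRule("brute_force_logon", {"windows_security", "vpn"}),
    CorrelationRule("edr_alert_then_outbound", {"edr", "firewall"}),
    CorrelationRule("sqli_pattern", {"web_server", "database"}, enabled=False),
]
```

With this inventory `coverage(SOURCES, RULES)` reports 4 of 7 sources covered (about 57%) while `volume_coverage` is only about 33%, because the unmonitored network traffic feed dominates ingest; the disabled SQL injection rule leaves both database and web server telemetry as critical gaps.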