The majority of organisations' security operations centers (SOCs) are falling below their target of mitigating risk in the evolving cybersecurity landscape, according to Hewlett Packard Enterprise’s fourth annual State of Security Operations Report 2017.
Published by HPE Security Intelligence and Operations Consulting (SIOC), the report found that 82 percent of SOCs are failing to meet their targets and falling below the optimal maturity level.
While this is a 3 percent improvement year-over-year, the majority of organizations are still struggling with a lack of skilled resources, as well as with implementing and documenting the most effective processes.
The report examined nearly 140 SOCs in more than 180 assessments around the globe.
“This year’s report showcases that while organizations are investing heavily in security capabilities, they often chase new processes and technologies, rather than looking at the bigger picture, leaving them vulnerable to the sophistication and speed of today’s attackers,” said Matthew Shriner, Vice President, Security Professional Services, Hewlett Packard Enterprise.
According to Shriner, successful security operations centers are excelling by taking a balanced approach to cybersecurity that incorporates the right people, processes and technologies, and that correctly leverages automation, analytics, real-time monitoring, and hybrid staffing models to develop a mature and repeatable cyber defense program.
Key observations of the report include that the implementation of hunt teams to search for unknown threats has become a major trend in the security industry.
While organizations that added hunt teams to their existing real-time monitoring capabilities increased their maturity levels, programs that focused solely on hunt teams had an adverse effect.
HPE further states that complete automation is an unrealistic goal. A shortage of security talent remains the number one concern for security operations, making automation a critical component for any successful SOC.
However, advanced threats still require human investigation and risk assessments need human reasoning, making it imperative that organizations strike a balance between automation and staffing.
Hybrid solutions and staffing models provide increased capabilities. Organizations that keep risk management in-house, and scale with external resources, such as leveraging managed security services providers (MSSPs) for co-staffing or in-sourcing, can boost their maturity and address the skills gap.
1. Mastering the basics of risk identification, incident detection, and response
2. Automating tasks where possible, such as response automation, data collection, and correlation to help mitigate the skills gap
3. Periodic assessment of organizations’ risk management, security and compliance objectives
4. Organizations that need to augment their security capabilities, but are unable to add staff, should consider adopting a hybrid staffing or operational solution strategy