Security Operations Centers Lack Critical Maturity

As organizations face an increasingly volatile threat landscape, security operations maturity remains well below optimal levels, with 85% of assessed organizations falling below the recommended threshold.

The Hewlett Packard Enterprise (HPE) third annual State of Security Operations Report 2016 highlights the critical role security operations centers (SOCs) play in protecting today’s digital enterprise. However, the study uncovered that the average SOC lacks basic security monitoring capabilities.

In 2015, 24% of assessed organizations only met minimum requirements to provide security monitoring, which translates to a lack of documentation with actions being executed on an ad hoc basis.

HPE postulates that the influx of new SOCs that enterprises are building to address evolving security challenges has perhaps been a bit hasty in design, failing to strike the right performance balance across all areas of the SOC, from the foundation up.

“Organizations are investing heavily in cybersecurity, but the lack of skilled resources and the deployment of advanced solutions without a solid SOC foundation in place remain top concerns,” said Chris Triolo, vice president of Security Product Global Services at HPE. “To build a successful SOC, we recommend a holistic approach to security operations that includes mastering the basics of security monitoring, incident detection, breach escalation and response leveraging skilled resources from managed security services for complete or blended support, as well as implementing advanced data science, analytics and shared intelligence to more effectively protect the digital enterprise.”

The report also found that access to skilled security resources remains the top concern of organizations. To combat personnel shortages, enterprises are implementing hybrid staffing and hybrid security infrastructure models that require less in-house expertise, while still delivering on detection capabilities.

That said, business functions of SOCs are improving. This year’s report shows that SOC professionals have improved their ability to prioritize critical business needs and allocate necessary personnel and technology resources. In the past, the majority of organizations invested heavily in technology solutions for the SOC without the support required to maximize the ROI of such tools.

“Benefits from advanced analytics capabilities and threat intelligence will only be realized if a strong security operations framework exists,” HPE said in the report. “A single product or service will not provide the protection and operational awareness that organizations need. Instead, organizations must focus on a continuous investment in their cybersecurity posture that encompasses people, process, technology and business function to effectively mitigate risks.”

Modern SOCs are also implementing the latest security trends including hunt teams, deception grids, and data analytics-driven security. The study found that organizations moving to fifth-generation (5G/SOC) security operations are best equipped to recognize the changing threat landscape and approach security holistically.

Internet of Things (IoT) security monitoring is also raising capabilities for businesses. Organizations in the energy and healthcare sectors that implemented smart meter monitoring and medical device monitoring, respectively, had higher maturity levels.

“HPE continues to find that the majority of cyber defense organizations’ operations remain below target maturity levels,” the report concluded. “A continual focus on mastering the basics and creating a solid foundation of risk identification, incident detection, breach escalation and response is key to effectiveness.”
