SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Harnessing the power of security operations centres
Wed, 10th Feb 2016

As organisations face an increasingly volatile threat landscape, security operations centres (SOCs) play an important role in protecting the digital enterprise.

This is according to the third annual State of Security Operations Report 2016 by Hewlett Packard Enterprise.

The report assesses SOC maturity levels to help organisations improve their security posture and understand the components of a successful security operations organisation. It examines 114 SOCs in more than 150 assessments around the globe and measures four areas of performance: people, processes, technology and business function.

This year's report indicates that security operations maturity remains well below optimal levels, with 85% of assessed organisations falling below recommended maturity levels.

While this number is alarmingly high, it accounts for the influx of new SOCs that enterprises are building to address evolving security challenges. These findings also demonstrate the need for organisations to strike the right performance balance across all areas of the SOC, from the foundation up, says HPE.

"Organisations are investing heavily in cyber security, but the lack of skilled resources and the deployment of advanced solutions without a solid SOC foundation in place remain top concerns," says Chris Triolo, Hewlett Packard Enterprise vice president of security product global services.

"To build a successful SOC, we recommend a holistic approach to security operations that includes mastering the basics of security monitoring, incident detection, breach escalation and response leveraging skilled resources from managed security services for complete or blended support, as well as implementing advanced data science, analytics and shared intelligence to more effectively protect the digital enterprise," he says.

Key findings from the report are below:

Access to skilled security resources remains the top concern of organisations

To combat personnel shortages, enterprises are implementing hybrid staffing and hybrid security infrastructure models that require less in-house expertise, while still delivering on detection capabilities.

The average SOC lacks basic security monitoring capabilities

In 2015, 24% of assessed organisations met only the minimum requirements to provide security monitoring, which translates to a lack of documentation, with actions being executed on an ad hoc basis.

Business functions of SOCs are improving

This year's report shows that SOC professionals have improved their ability to prioritise critical business needs and allocate necessary personnel and technology resources.

In the past, the majority of organisations invested heavily in technology solutions for the SOC without the support required to maximise the ROI of such tools. A continuous investment into all facets of a cyber-defence organisation is necessary to achieve and maintain optimal maturity, HPE says.

Modern SOCs are implementing the latest security trends

Organisations moving to fifth-generation (5G/SOC) security operations are best equipped to recognise the changing threat landscape and approach security holistically.

This includes implementing solutions such as hunt teams, deception grids, and data analytics-driven security.

Internet of Things (IoT) security monitoring is raising capabilities for businesses

Organisations in the energy and healthcare sectors that implemented smart meter monitoring and medical device monitoring, respectively, had higher maturity levels.

Implications and recommendations

HPE continues to find that the majority of cyber defence organisations' operations remain below target maturity levels.

A continual focus on mastering the basics and creating a solid foundation of risk identification, incident detection, breach escalation and response is key to effectiveness, the company says.

Benefits from advanced analytics capabilities and threat intelligence will only be realised if a strong security operations framework exists. A single product or service will not provide the protection and operational awareness that organisations need.

Instead, organisations must focus on a continuous investment in their cyber security posture that encompasses people, process, technology and business function to effectively mitigate risks, HPE says.