SOCs forgo security basics, leaving 82 percent of organizations below target maturity levels and vulnerable
PALO ALTO, CA--(Marketwired - Jan 17, 2017) - Hewlett Packard Enterprise (HPE) (NYSE: HPE) today published its fourth annual
State
of Security Operations Report 2017, which provides deep analysis on the effectiveness of organizations'
security operations centers (SOCs), and best practices for mitigating risk in the evolving cybersecurity landscape. With
increased pressure to rapidly innovate and align security initiatives with business goals, a SOC provides the foundation for how
organizations protect their most sensitive assets, and detect and respond to threats. However, findings from this year's report
show that the majority of SOCs are falling below target maturity levels, leaving organizations vulnerable in the event of an
attack.
Published by HPE
Security Intelligence and Operations Consulting (SIOC), the report examines nearly 140 SOCs in more than 180 assessments
around the globe. Each SOC is measured on the HPE
Security Operations Maturity Model (SOMM) scale that evaluates the people, processes, technology and business capabilities
that comprise a security operations center. A SOC that is well-defined, subjectively evaluated and flexible is recommended for
the modern enterprise to effectively monitor existing and emerging threats; however, 82 percent of SOCs are failing to meet this
criteria and falling below the optimal maturity level.1 While this is a 3 percent improvement year-over-year, the
majority of organizations are still struggling with a lack of skilled resources, as well as implementing and documenting the most
effective processes.
"This year's report showcases that while organizations are investing heavily in security capabilities, they often chase
new processes and technologies, rather than looking at the bigger picture leaving them vulnerable to the sophistication and speed
of today's attackers," said Matthew Shriner, Vice President, Security Professional Services, Hewlett Packard Enterprise.
"Successful security operations centers are excelling by taking a balanced approach to cybersecurity that incorporates the right
people, processes and technologies, as well as correctly leverages automation, analytics, real-time monitoring, and hybrid
staffing models to develop a mature and repeatable cyber defense program."
Key Observations
- SOC maturity decreases with hunt-only programs. The implementation of hunt teams to search for
unknown threats has become a major trend in the security industry. While organizations that added hunt teams to their
existing real-time monitoring capabilities increased their maturity levels, programs that focused solely on
hunt teams had an adverse effect.1
-
Complete automation is an unrealistic goal. A shortage of security talent remains the number one
concern for security operations, making automation a critical component for any successful SOC. However, advanced
threats still require human investigation and risk assessments need human reasoning, making it imperative that
organizations strike a balance between automation and
staffing.1
- Focus and goals are more important than size of organization. There is no link between the size
of a business and maturity of its cyber defense center. Instead, organizations that use security as a
competitive differentiator, for market leadership, or to create alignment with their industry are better predictors
of mature SOCs.1
- Hybrid solutions and staffing models provide increased capabilities. Organizations that keep
risk management in-house, and scale with external resources, such as leveraging managed security services providers
(MSSPs) for co-staffing or in-sourcing, can boost their maturity and address the skills gap.1
Implications & Recommendations
As organizations continue to build and advance SOC deployments alongside the evolving adversary landscape, a solid
foundation based on the right combination of people, processes and technology is essential. To help organizations achieve this
balance, HPE recommends:
- Mastering the basics of risk identification, incident detection, and response, which are the foundation to any
effective security operations program, before leveraging new methodologies such as hunt teams.
- Automating tasks where possible, such as response automation, data collection, and correlation to help mitigate
the skills gap, but also understanding the processes that require human interaction and staffing accordingly.
- Periodic assessment of organizations' risk management, security and compliance objectives to help define security
strategy and resource allocation.
- Organizations that need to augment their security capabilities, but are unable to add staff should consider
adopting a hybrid staffing or operational solution strategy that leverages both internal resources and outsourcing to a
MSSP.
Methodology
The methodology for assessments is based on HPE's Security
Operations Maturity Model (SOMM), which focuses on multiple aspects of a successful and mature security intelligence and
monitoring capability including people, process, technology, and business functions. The SOMM uses a five-point scale -- a score
of "0" is given for a complete lack of capability while a "5" is given for a capability that is consistent, repeatable,
documented, measured, tracked, and continually improved upon. The ideal composite maturity score for a modern enterprise is "3",
while managed security service providers (MSSPs) should target a maturity level between "3" and "4". The reliable detection of
malicious activity and threats to the organization, and a systematic approach to manage those threats are the most important
success criteria for a mature cyber defense capability.
The full methodology is detailed in the report.
About HPE Security
HPE Security helps organizations detect and respond to cyber threats while safeguarding continuity and compliance
to effectively mitigate risk and incident impact. Delivering an integrated suite of market-leading
products, services,
threat intelligence and
security research, HPE Security helps customers proactively protect the interactions among users, applications and data,
regardless of location or device. With a global network of security operations centers and more than 5,000
IT security experts, HPE Security empowers customers and partners to safely operate and innovate while keeping pace with the
speed of today's idea economy. Find out more about HPE Security at
https://www.hpe.com/us/en/solutions/security.
Join HPE Software on
LinkedIn and follow @HPE_Software
on Twitter. To learn more about HPE Enterprise Security products and services on Twitter, please follow @HPE_Security
and join HPE Enterprise Security on
LinkedIn.
About Hewlett Packard Enterprise
Hewlett Packard Enterprise is an industry leading technology company that enables customers to go further, faster.
With the industry's most comprehensive portfolio, spanning the cloud to the data center to workplace applications, our technology
and services help customers around the world make IT more efficient, more productive and more secure.
1 "State of Security Operations Report 2017" HPE Security Intelligence and Operations Consulting (SIOC), January
2017.
Forward-Looking Statements
This document contains forward-looking statements within the meaning of the safe harbor provisions of the Private Securities
Litigation Reform Act of 1995. Such statements involve risks, uncertainties and assumptions. If such risks or uncertainties
materialize or such assumptions prove incorrect, the results of Hewlett Packard Enterprise could differ materially from those
expressed or implied by such forward-looking statements and assumptions. All statements other than statements of historical fact
are statements that could be deemed forward-looking statements, including any statements of the plans, strategies and objectives
of Hewlett Packard Enterprise for future operations; other statements of expectation or belief; and any statements of assumptions
underlying any of the foregoing. Risks, uncertainties and assumptions include the possibility that expected benefits may not
materialize as expected and other risks that are described in Hewlett Packard Enterprise's filings with the Securities and
Exchange Commission, including but not limited to the risks described in Hewlett Packard Enterprise's Registration Statement on
Form 10 dated July 1, 2015, as amended August 10, 2015, September 4, 2015, September 15, 2015, September 28, 2015 and October 7,
2015. Hewlett Packard Enterprise assumes no obligation and does not intend to update these forward-looking statements.