The State of Security Operations 2018
March 29, 2018

Despite the rising volume of cybersecurity threats, the fifth annual State of Security Operations Report 2018 from Micro Focus indicates that more mature Security Operations Centers (SOCs) are detecting threats more efficiently and recovering from breaches more effectively than ever before.

While the report reflects positive momentum in organizations adopting and deploying security solutions, it also indicates that 20% of the cyber defense organizations assessed over the past five years failed to score a Security Operations Maturity Model (SOMM) level 1, which according to the model translates to a complete lack of capability. These organizations continue to operate in an ad-hoc manner with undocumented processes and significant cracks in security and risk management.

“Over the last five years, we have watched organizations attempt to achieve a complete security transformation by applying Band-Aids – such as the purchase of peripheral products or dismantling of solutions – only to find poor results and poor business alignment,” said Matthew Shriner, VP, Security Professional Services for Micro Focus. “With that in mind, it is refreshing that when it comes to cyber defense capability, Micro Focus is seeing a much higher degree of operational sophistication than ever before. Nearly 25% of organizations assessed are meeting business goals, representing a nearly 10% year-over-year improvement.”

Each SOC is measured on the Micro Focus SOMM scale, which evaluates people, process, technology, and business capabilities. According to the report, organizations are beginning to see a return on their security investments and more value from the security solutions they have deployed, reporting an average 8% improvement across people and process, the two measured dimensions that have historically struggled most.

Key observations include:

■ SOCs are quickly shifting to co-managed operations. This approach has allowed cyber defense programs to overcome their greatest challenge: a global shortage of cyber security talent. By setting up an operational relationship with a partner that includes regular interactions, SOC leaders can focus narrowly on the assets they want to protect and rely on the partner to perform the technology integration needed to make that happen.

■ SOCs running short on personnel are adopting security orchestration, automation, and response (SOAR) solutions. Organizations are investing in automating security incident investigation and management toolsets, and with deliberate implementation goals in mind, are experiencing positive results. The concept is sound, yet adoption is slow due to operational knowledge gaps.

■ Private sector organizations are systematically investing in the development of fusion centers. In their initial form, fusion centers took the “One SOC to Rule Them All” approach. This model continues to serve decentralized organizations well, along with those that have grown quickly through M&A activity. Over the past year, fusion centers have evolved to combine disciplines that most organizations would deliberately have kept separate in the past. The new form includes fusion centers that are preparing to combine data security monitoring and incident response with compliance reporting for GDPR.

■ The use of deception grids, and their impact on operations maturity, has increased over the last year. Deception grid solutions are attractive because they shift the economics of an attack: misinformation about target systems can alter the findings of scripted reconnaissance and cause attackers to spend resources on techniques that are ineffective against the real target. Organizations are also starting to learn a great deal about the attacker and the target of their campaign by analyzing the attacker's behavior inside the deception-oriented environment.
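The deception point above comes down to two mechanics: a decoy that answers scripted reconnaissance with a fabricated service banner, and the fact that any traffic reaching a decoy is unsolicited, so every touch is a high-fidelity alert rather than another noisy log line. The following is an added example written for this page, not code from the Micro Focus report or any deception product; the decoy profiles, the DECOY_TOUCH alert name and the event layout are assumptions chosen for illustration, and the in-memory event list stands in for whatever a SOC would ship to its SIEM.

```python
"""Minimal deception decoy: answers scripted reconnaissance with a fabricated
service banner and records every connection as a high-fidelity alert.

Added example, not part of the Micro Focus report. The decoy profiles, the
DECOY_TOUCH alert name and the event format are assumptions for illustration.
"""
import json
import socket
import threading
from datetime import datetime, timezone

# Fabricated banners (constructed for this example): the decoy claims to be
# something it is not, so a scanner's version fingerprint and any follow-on
# exploit selection are built on false information.
DECOY_PROFILES = {
    "ssh": b"SSH-2.0-OpenSSH_5.3\r\n",
    "ftp": b"220 ProFTPD 1.3.3 Server ready.\r\n",
}


def make_event(profile, dst_port, addr, payload):
    """Build the alert record for one decoy touch. Nothing legitimate should
    ever connect to a decoy, so severity is fixed high; no tuning is needed."""
    return {
        "ts": datetime.now(timezone.utc).isoformat(),
        "alert": "DECOY_TOUCH",            # assumed alert name
        "severity": "high",
        "decoy_profile": profile,
        "src_ip": addr[0],
        "src_port": addr[1],
        "dst_port": dst_port,
        "first_bytes": payload[:64].decode("latin-1"),  # what the attacker sent
    }


class Decoy:
    """One TCP listener that speaks a fake banner and logs each connection."""

    def __init__(self, profile, host="127.0.0.1", port=0):
        self.profile = profile
        self.banner = DECOY_PROFILES[profile]
        self.events = []  # in practice: forward to the SIEM / SOAR queue
        self._srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self._srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self._srv.bind((host, port))      # port 0 = let the OS pick one
        self._srv.listen(8)
        self._srv.settimeout(0.2)         # lets the accept loop poll the stop flag
        self.port = self._srv.getsockname()[1]
        self._stop = threading.Event()
        self._thread = threading.Thread(target=self._serve, daemon=True)

    def start(self):
        self._thread.start()
        return self

    def stop(self):
        # join() returns only after the current connection is fully handled,
        # so every accepted touch is logged before stop() returns.
        self._stop.set()
        self._thread.join()
        self._srv.close()

    def _serve(self):
        while not self._stop.is_set():
            try:
                conn, addr = self._srv.accept()
            except socket.timeout:
                continue
            with conn:
                conn.sendall(self.banner)          # feed the scanner the lie
                conn.settimeout(0.5)
                try:
                    first = conn.recv(256)          # capture what it does next
                except (socket.timeout, ConnectionError):
                    first = b""
                self.events.append(make_event(self.profile, self.port, addr, first))


def probe(host, port, send=b""):
    """Stand-in for one scripted recon step: grab the banner, optionally talk back."""
    with socket.create_connection((host, port), timeout=2) as s:
        banner = s.recv(256)
        if send:
            s.sendall(send)
    return banner


def run_demo():
    """Start an SSH decoy on loopback, scan it once, return (banner, events)."""
    decoy = Decoy("ssh").start()
    banner = probe("127.0.0.1", decoy.port, b"SSH-2.0-scanner\r\n")
    decoy.stop()
    return banner, decoy.events


if __name__ == "__main__":
    seen, events = run_demo()
    print("scanner saw:", seen)
    print(json.dumps(events, indent=2))
```

The scanner is handed a version string that does not match the real estate, so any exploit it selects from that fingerprint is wasted effort, and the SOC receives a record of who touched the decoy and what they sent first. A real deployment would add more convincing protocol emulation and rate limiting, but the alert logic stays the same: a connection to a decoy needs no baseline and no suppression rules.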

Methodology: The Micro Focus State of Security Operations Report provides in-depth analysis of the effectiveness of organizations’ SOCs and best practices for mitigating risk in the evolving cybersecurity landscape. Over the last five years, Micro Focus has shared findings from 200 assessments of 144 discrete SOC organizations in 33 countries. The dataset includes organizations in the public and private sectors, enterprises across all industry verticals, and managed security service providers. This is the largest available dataset from which to draw conclusions about the state of cyber defense and enterprise security operations around the globe.

The assessment methodology is based on the Micro Focus (formerly HPE) Security Operations Maturity Model (SOMM), which covers multiple aspects of a successful and mature security intelligence and monitoring capability, including people, process, technology, and business functions. The SOMM uses a 0-to-5 scale: a score of “0” denotes a complete lack of capability, while a “5” denotes a capability that is consistent, repeatable, documented, measured, tracked, and continually improved upon. The ideal composite maturity score for a modern enterprise is “3”, while managed security service providers (MSSPs) should target a maturity level between “3” and “4”. Reliable detection of malicious activity and threats to the organization, together with a systematic approach to managing those threats, are the most important success criteria for a mature cyber defense capability.
