The State of Security Operations 2018
March 29, 2018

Despite the volume of cybersecurity threats rising, the fifth annual State of Security Operations Report 2018 from Micro Focus indicates that more mature Security Operational Centers (SOCs) are becoming more efficient in detection with greater ability to recover from breaches than ever before.

While the report reflects positive momentum in organizations adopting and deploying security solutions, it also indicates that 20% of the cyber defense organizations assessed over the past five years failed to score a Security Operations Maturity Model (SOMM) level 1, which according to the model translates to a complete lack of capability. These organizations continue to operate in an ad-hoc manner with undocumented processes and significant cracks in security and risk management.

“Over the last five years, we have watched organizations attempt to achieve a complete security transformation by applying Band-Aids – such as the purchase of peripheral products or dismantling of solutions – only to find poor results and poor business alignment,” said Matthew Shriner, VP, Security Professional Services for Micro Focus. “With that in mind, it is refreshing that when it comes to cyber defense capability, Micro Focus is seeing a much higher degree of operational sophistication than ever before. Nearly 25% of organizations assessed are meeting business goals, representing a nearly 10% year-over-year improvement.”

Each SOC is measured on the Micro Focus SOMM scale that evaluates the people and processes, technology, and business capabilities. According to the report, organizations are beginning to see a return on their security investments and are seeing more value out of the security solutions they have deployed, reporting an average 8% improvement across people and processes, the two dimensions measured that have historically struggled most.

Key observations include:

■ SOCs are quickly shifting to co-managed operations. This approach has allowed cyber defense programs to overcome the greatest challenge: a global shortage of cyber security talent. By setting up an operational relationship with a partner that includes regular interactions, SOC leaders can narrowly focus on the assets they want to protect and work with the partner operationally to perform the technology integration to make it happen.

■ SOCs running short on personnel are adopting security orchestration, automation, and response (SOAR) solutions. Organizations are investing in automating security incident investigation and management toolsets, and with deliberate implementation goals in mind, are experiencing positive results. The concept is sound, yet adoption is slow due to operational knowledge gaps.

■ Private sector organizations are systematically investing in the development of fusion centers. In its initial form, fusion centers took the “One SOC to Rule Them All” approach. This model continues to serve decentralized organizations well along with those that have grown quickly through M&A activity. Over the past year, fusion centers have evolved into combined disciplines that most organizations would deliberately separate in the past. The new form includes fusion centers that are preparing to combine data security monitoring & incident response and compliance reporting for GDPR.

■ The use of deception grids and impact on operations maturity has increased over the last year. It is because of the shift in the economy of an attack that deception grid solutions can be very attractive. Misinformation about target systems can alter the findings of scripted reconnaissance and cause attackers to deploy resources that are ineffective on the target system. Organizations are also starting to learn much about the attacker and the target of their campaign by analyzing the behavior of the attacker in the deception-oriented environment.

Methodology: The Micro Focus State of Security Operations Report provides deep analysis on the effectiveness of organizations’ SOCs and best practices for mitigating risk in the evolving cybersecurity landscape. Over the last five years, Micro Focus has shared findings from 200 assessments of 144 discreet SOC organizations in 33 countries. It includes organizations in the public and private sectors, enterprises across all industry verticals, as well as managed security service providers. This is the largest available dataset to draw conclusions about the state of cyber defense and enterprise security operations around the globe.

The methodology for assessments is based on the Micro Focus (formerly HPE) Security Operations Maturity Model (SOMM), which focuses on multiple aspects of a successful and mature security intelligence and monitoring capability including people, process, technology, and business functions. The SOMM uses a five-point scale – a score of “0” is given for a complete lack of capability while a “5” is given for a capability that is consistent, repeatable, documented, measured, tracked, and continually improved upon. The ideal composite maturity score for a modern enterprise is “3”, while managed security service providers (MSSPs) should target a maturity level between “3” and “4”. The reliable detection of malicious activity and threats to the organization, and a systematic approach to manage those threats are the most important success criteria for a mature cyber defense capability.

The Latest

November 15, 2018

Serverless infrastructure environments are set to become the dominant paradigm for enterprise technology deployments, according to a new report — Why the Fuss About Serverless? — released by Leading Edge Forum ...

November 14, 2018

What to automate? Which parts of the delivery process are good candidates? Which applications will benefit from automation? At first, those sound like silly questions. Automate all your repetitive processes. If you think that you'll do the same thing manually more than once, automate it. Why would you waste your creative potential and knowledge by doing things that are much better done by scripts? Yet, an average company does not adhere to that logic. Why is that? ...

November 13, 2018

I'd love to see more security automation deeply integrated into the development process. Everybody knows since the 1990s that security as an afterthought just doesn't work, yet we keep doing it. The reason, I think, is because it's very hard to automate security ...

November 09, 2018

DEVOPSdigest asked experts from across the IT industry for their opinions on what steps in the SDLC should be automated. Part 5, the final installment, covers deployment and production ...

November 08, 2018

DEVOPSdigest asked experts from across the IT industry for their opinions on what steps in the SDLC should be automated. Part 4 is all about security ...

November 07, 2018

DEVOPSdigest asked experts from across the IT industry for their opinions on what steps in the SDLC should be automated. Part 3 covers the development environment and the infrastructure ...

November 06, 2018

DEVOPSdigest asked experts from across the IT industry for their opinions on what steps in the SDLC should be automated. Part 2 covers the coding process ...

November 05, 2018

Everyone talks about automating the software development lifecycle (SDLC) but the first question should be: What should you automate? With this question in mind, DEVOPSdigest asked experts from across the IT industry for their opinions on what steps in the SDLC should be automated. Part 1 starts with by-far the most popular recommendation: Testing ...

October 31, 2018

Halloween is a time for all things spooky, but not when it comes to your mobile app experience. A poor experience can not only scare off your customers but keep them away for good ...

October 30, 2018

As organizations have embraced open source, they have become polyglot — using multiple programming languages and technology stacks to accomplish software and hardware related tasks. Enterprises are caught between the benefits provided by a polyglot environment and the complexities and challenges these environments bring. Ultimately, if the situation remains unchecked, polyglot will kill your enterprise ...

Share this