The State of Security Operations 2018
March 29, 2018

Despite the volume of cybersecurity threats rising, the fifth annual State of Security Operations Report 2018 from Micro Focus indicates that more mature Security Operational Centers (SOCs) are becoming more efficient in detection with greater ability to recover from breaches than ever before.

While the report reflects positive momentum in organizations adopting and deploying security solutions, it also indicates that 20% of the cyber defense organizations assessed over the past five years failed to score a Security Operations Maturity Model (SOMM) level 1, which according to the model translates to a complete lack of capability. These organizations continue to operate in an ad-hoc manner with undocumented processes and significant cracks in security and risk management.

“Over the last five years, we have watched organizations attempt to achieve a complete security transformation by applying Band-Aids – such as the purchase of peripheral products or dismantling of solutions – only to find poor results and poor business alignment,” said Matthew Shriner, VP, Security Professional Services for Micro Focus. “With that in mind, it is refreshing that when it comes to cyber defense capability, Micro Focus is seeing a much higher degree of operational sophistication than ever before. Nearly 25% of organizations assessed are meeting business goals, representing a nearly 10% year-over-year improvement.”

Each SOC is measured on the Micro Focus SOMM scale that evaluates the people and processes, technology, and business capabilities. According to the report, organizations are beginning to see a return on their security investments and are seeing more value out of the security solutions they have deployed, reporting an average 8% improvement across people and processes, the two dimensions measured that have historically struggled most.

Key observations include:

■ SOCs are quickly shifting to co-managed operations. This approach has allowed cyber defense programs to overcome the greatest challenge: a global shortage of cyber security talent. By setting up an operational relationship with a partner that includes regular interactions, SOC leaders can narrowly focus on the assets they want to protect and work with the partner operationally to perform the technology integration to make it happen.

■ SOCs running short on personnel are adopting security orchestration, automation, and response (SOAR) solutions. Organizations are investing in automating security incident investigation and management toolsets, and with deliberate implementation goals in mind, are experiencing positive results. The concept is sound, yet adoption is slow due to operational knowledge gaps.

■ Private sector organizations are systematically investing in the development of fusion centers. In its initial form, fusion centers took the “One SOC to Rule Them All” approach. This model continues to serve decentralized organizations well along with those that have grown quickly through M&A activity. Over the past year, fusion centers have evolved into combined disciplines that most organizations would deliberately separate in the past. The new form includes fusion centers that are preparing to combine data security monitoring & incident response and compliance reporting for GDPR.

■ The use of deception grids and impact on operations maturity has increased over the last year. It is because of the shift in the economy of an attack that deception grid solutions can be very attractive. Misinformation about target systems can alter the findings of scripted reconnaissance and cause attackers to deploy resources that are ineffective on the target system. Organizations are also starting to learn much about the attacker and the target of their campaign by analyzing the behavior of the attacker in the deception-oriented environment.

Methodology: The Micro Focus State of Security Operations Report provides deep analysis on the effectiveness of organizations’ SOCs and best practices for mitigating risk in the evolving cybersecurity landscape. Over the last five years, Micro Focus has shared findings from 200 assessments of 144 discreet SOC organizations in 33 countries. It includes organizations in the public and private sectors, enterprises across all industry verticals, as well as managed security service providers. This is the largest available dataset to draw conclusions about the state of cyber defense and enterprise security operations around the globe.

The methodology for assessments is based on the Micro Focus (formerly HPE) Security Operations Maturity Model (SOMM), which focuses on multiple aspects of a successful and mature security intelligence and monitoring capability including people, process, technology, and business functions. The SOMM uses a five-point scale – a score of “0” is given for a complete lack of capability while a “5” is given for a capability that is consistent, repeatable, documented, measured, tracked, and continually improved upon. The ideal composite maturity score for a modern enterprise is “3”, while managed security service providers (MSSPs) should target a maturity level between “3” and “4”. The reliable detection of malicious activity and threats to the organization, and a systematic approach to manage those threats are the most important success criteria for a mature cyber defense capability.

The Latest

May 17, 2018

The top two business priorities for CIOs of midsize enterprises (MSEs) in 2018 are growth and digital transformation. However, 57 per cent of MSEs are not yet delivering digital initiatives, according to findings from Gartner Inc.'s 2018 CIO Agenda Survey ...

May 15, 2018

Almost every company is facing the challenge of digital transformation today. This means rethinking and retooling your company to compete and succeed in an increasingly digital world. While digital transformation is not only about technology, the right tools can help. To find out what these right tools are, APMdigest asked experts from across the IT industry for their opinions on the essential tools to support digital transformation ...

May 08, 2018

With data breaches consistently being in the news over the last several years, it is no wonder why data privacy has become such a hot topic and why the European Union (EU) has put in place General Data Protection Regulation (GDPR) which will become enforceable on May 25, 2018, which is less than a month away ...

May 03, 2018

The prospect of increased workloads, combined with shrinking mainframe skillsets, has huge implications for mainframe DevOps. The only way for organizations to solve this skills gap crisis is by optimizing developer productivity. Drilling down a level further, what does this all mean for mainframe DevOps? ...

May 02, 2018

When it comes to operations and development, DevOps has changed the traditional compartmentalized style of development by eliminating silos. But what about the security team? Security is largely still siloed from operations and development. No doubt, many DevOps teams have some security controls baked into their automation processes, but a recent survey shows there are still alarming gaps ...

April 30, 2018

According to the 2018 Global Security Trends in the Cloud report, 93 percent of respondents faced challenges when deploying their current on-premises security tools in the cloud, and 97 percent lacked the tools, cross-functional collaboration and resources to gain proper insight into security across the organization. These numbers indicate a big problem in DevSecOps that needs to be addressed ...

April 26, 2018

Moving more workloads to the cloud is a top IT priority, so eventually it will be time to consider how to make those critical legacy applications cloud ready. In Part 1 of this blog, I outlined the first four of eight steps to chart your cloud journey. In addition, consider the next four steps below ...

April 25, 2018

Clearly, moving applications to the cloud delivers significant advantages. So what's standing in the way of full cloud adoption? For many companies it's those burdensome (but critically important) legacy applications. Moving more workloads to the cloud is a top IT priority. So, eventually it will be time to consider how to make those critical legacy applications cloud ready. Consider the following eight steps to chart your cloud journey ...

April 24, 2018

Developers and engineering teams are under increasing pressure to release higher quality software faster. Continuous testing has proven to be central to these efforts as it helps eliminate bottlenecks and ensures that automated testing is a constant throughout the development process, not an exercise relegated to the "last mile." The value of automated testing is more evident than ever before, with nearly half the respondents reporting that management is fully committed to automated testing and with plans to increase spending, according to the recent Sauce Labs Testing Trends for 2018 report ...

April 19, 2018

As development speed has become a competitive advantage, the DevOps team has sought to enable continuous integration and continuous delivery (CI/CD). For the CI/CD process to be successful, it must be fast and efficient. Any potential roadblocks that delay any part of the process increase cycle times and slow down delivery ...

Share this