Few security operations centres are making progress: Report

Organizations that have invested in creating security operations centres are spending an increasing amount of money on cybersecurity, but a new study suggests many may not be getting further ahead.

For five years Hewlett-Packard Enterprise (HPE) has been measuring the progress of SOCs in 114 organizations and service providers in 26 countries including Canada, the U.S., Britain, Australia, China India and Brazil.

But HPE’s third report, released Tuesday, finds as a group they went backwards last year when scored in four areas: People, processes, business alignment and technologies.

“The median maturity level of cyber defense teams remain well below optimal levels,” says the report, adding there was a “year-over-year decline in overall security operation maturity” in 2015.

“In the quest for higher maturity, operations often suffer from stagnation, rigidity, and an overall low level of effectiveness,” the report says.

Briefly, the report says organizations are focusing more on technology than on people and processes — despite the fact that they are taking a more business attitude to security, such as increasing stakeholder involvement.

“Cyber defense teams (or providers offering managed SOC services) who aspire to achieve maturity levels of “5”  (the highest) lack an understanding or appreciation of the nature of such capabilities and the threats they are defending against. Given an agile and adaptive threat actor, optimizing for repeatability and consistency is only marginally effective.”

The fault lies in a combination of the shift in IT to hybrid models including cloud, mobile, social, and Big Data; a continued focus on cost management; and the continued collaboration and professionalization of attackers, Chris Triolo, HPE’s vice-president of security product global services, said in the report’s introduction.

For the study a security division that monitors the network for events (not necessarily 24 hours a day) qualifies as an SOC.

Some organizations in the study have made great progress and sustained it, Kerry Matre, an HPE senior product marketing manager, said in an interview, while others are just getting into security operations and are low scoring  But, she added, many have put money into an SOC and then funding dries up or the IT department’s focus has changed.

IT departments “are still struggling with the basics — having anything repeatable in their security operations. So there’s a lot of ad hoc (activity) … If you don’t have things documented that greatly affects your maturity score.”

HPE uses a modified version of the Carnegie Mellon Software Engineering Institute’s Capability Maturity Model for Integration (SEI-CMMI) to create a a five point scale where higher is better.

The most advanced security operations centers in the world will typically achieve an overall score between a level 3 and level 4 says the report — which adds that very few meet those marks. today. For most organizations, a consolidated aggregate score of level 3 is an appropriate goal. But in each of the areas measured, the report says the industry median score continues to fall between a 1 and 2.

In fact continuing a five-year trend, one-quarter of SOCs studied last year couldn’t even score 1. Only 15 per cent of assessed organizations met business goals and were working toward or have achieved recommended maturity levels. That left 85 per cent of organizations not achieving the recommended maturity levels, which is slightly lower than last year’s findings.

SIDEBAR: How two SOCs were scored

“A continual focus on mastering the basics and creating a solid foundation of risk identification, incident detection, and breach escalation as well as response remains key to effectiveness,” says the report. “Benefits from advanced analytics capabilities and threat intelligence will only be realized if a strong foundation of security operations exists.”

HPE “sees this as a pivotal moment for SOC leaders to adapt and re-invent their operations in order to show definitive value to the business” by adding capabilities such as hunt teams, deception grids (another term for honeypots or malware traps) and data analytics-driven security.

The goal, the report suggests, should be a so-called fifth-generation (5G/SOC) of security operations. They recognize the change in the threat landscape and take a holistic approach to defence. They train analysts in security counter-intelligence, surveillance, criminal psychology, and analytical thinking to augment technology investment. Most organizations have not implemented a 5G/SOC, says the report, “but those who have, seem to have benefited greatly from the intelligence-driven methodologies, information sharing, and the human adversary approach.”

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Featured Articles

Empowering the hybrid workforce: how technology can build a better employee experience

Across the country, employees from organizations of all sizes expect flexibility...

What’s behind the best customer experience: How to make it real for your business

The best customer experience – the kind that builds businesses and...

Overcoming the obstacles to optimized operations

Network-driven optimization is a top priority for many Canadian business leaders...

Thriving amid Canada’s tech talent shortage

With today’s tight labour market, rising customer demands, fast-evolving cyber threats...

Staying protected and compliant in an evolving IT landscape

Canadian businesses have changed remarkably and quickly over the last few...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now