More IT security teams meeting business, maturity goals, says study

Security teams may finally understand how to forge strong defences against online attacks, a new report suggests.

In its fifth annual State of Security Operations Report, which studies the efforts of 144 security operations centres in organizations across 33 countries, Micro Focus concluded that in 2017 there was “a turning of tide” after seeing cyber defense programs “zig and zag in terms of maturity.”

“Over the last five years, 25 percent of organizations assessed are meeting business goals and are working toward or have achieved recommended maturity levels,” says the report, which was released Monday. That’s a seven per cent improvement over the findings in 2016 , and a 12 per cent improvement over the last three years, says the study.

However, it adds, only five per cent of assessed organizations were operating at recommended target levels of capability and maturity.

In fact 20 percent of cyber defense organizations assessed over the past five years failed to meet the study’s level 1 security operations maturity model  standards.  “These organizations continue to operate in an ad-hoc manner with undocumented processes and significant gaps in security and risk management. Although the number is still higher than we would like to see, this shift was also an overall improvement over the trend established in previous years.”

The report’s author say the most important success criteria for a mature cyber defense capability is reliable detection of malicious activity and threats to the organization and a systematic approach to manage those threats that fully leverages the people, processes, and technology available to the organization.

Yet “most security operations centers continue to be over-invested in technologies, often failing to take full advantage of each tool’s capabilities. In spite of heavy technology investment, many struggle to prevent, detect, respond, and recover from cyber security attacks. Timely response outcomes are possible only
through repeatable, mature operations, when organizations establish a culture that keeps up with the dynamics of IT, risk, and regulatory change.

The State of Security Operations Report was created and released by Hewlett-Packard, and, after it split, Hewlett-Packard Enterprise. However, last September HPE sold its software division, including security services, to U.K.-based Micro Focus for about US$8.8 billion.

The study measures participating organizations using a security operations maturity model partly based on the Carnegie Mellon Software Engineering Institute Capability Maturity Model for Integration (SEI-CMMI). The ideal composite maturity score for a modern enterprise cyber defense capability is level 3 on a five-point scale, the report says, where  the capability is “defined.” This is achieved with a complimentary mixture of agility for certain processes and high maturity for others. The most advanced security operations centers in the world will typically achieve an overall score between a level 3 and level 4—there are very few of these organizations in existence today, says the report.

In the most recent report the median maturity of all security operations centres (SCO) studied reached 1.42. (Previous reports have taken a broad definition of an SOC).

“While SOCs in this range are generally getting the job done,” the report says, the authors often see a lack of repeatability, metrics, and continuous improvement. That means the effectiveness and sustainability of those cyber defense programs are unpredictable across most organizations, it points out.

Among the best SOCs the authors saw a much higher degree of operational sophistication than ever before. Organizations are:
■ quickly shifting to co-managed operations in partnership with vendors and niche providers to overcome the global shortage of cyber security talent;
■ rapidly adopting security orchestration, automation, and response solutions to gain efficiencies and repeatability in the handling of high fidelity alerts;
■ systematically investing in the development of Security Fusion Centers that can span the operational overlap of multiple domains such as data security and compliance, monitoring for insider threats and privileged access through behavior analytics, and building effective consolidated operations and incident response for hunt, threat intelligence and IT operations.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@]

Featured Article

ADaPT connects employers with highly skilled young workers

Help wanted. That’s what many tech companies across Canada are saying, and research shows that as the demand for skilled workers...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now