Over the years, IT security monitoring has been transformed into a hybrid model covering cloud, mobile, social, Big Data and cost management within the security operations center (SOC). This transformation puts pressure on cyber defense centers to keep pace with an advancing attacker community, and it has contributed to an overall decline in security operations maturity.
Security operations maturity measures how consistently and repeatably an organization runs its security operations. The methodology uses a five-point scale: a score of "0" denotes a complete lack of operational elements, while a "5" denotes operations that are consistent, repeatable, documented, measured, tracked and continually improved upon.
According to the report, which assessed SOCs located in 26 countries worldwide, the most advanced security operations centers in the world, of which only a few are in operation today, typically achieve an overall score of between 3 and 4. Most organizations with a dedicated team focused on threat detection score only between 1 and 2.
The criteria that matter most for a mature cyber defense capability are the ability to reliably detect malicious activity and a systematic approach to managing the resulting threats. The ideal maturity score for a modern enterprise is 3, reached through a mix of agility for some processes and high maturity for others. Higher levels of maturity are costly to achieve, and operations suffer in the pursuit of them.
Organizations that aim for a maturity level of "5" misunderstand the nature of such capabilities and the threats they are defending against. Given the evolving threat landscape, optimizing purely for repeatability and consistency is only marginally effective; a score of between 3 and 4 is the maturity level to target.
The report reveals that over the last five years, 25 per cent of the cyber defense organizations assessed failed to reach a security operations maturity level of 1. This has not changed much: in the current year, 24 per cent scored below 1. These findings indicate that such security organizations operate in an ad hoc manner with undocumented processes.
Only 15 per cent of those assessed in 2015 are working toward, or have achieved, the recommended maturity levels. Worryingly, this leaves 85 per cent that are not.
The decline in security operation maturity indicates that a transition is needed in the modern SOC. That transition according to Chris Triolo, HPE Vice President, Security Product Global Services, “…[is] for SOC leaders to adapt and re-invent their operations in order to show definitive value to the business.”
A few adaptive trends, in the form of hunt teams, deception grids, and data analytics-driven security, are already in place in the more modern SOCs. By dedicating time and resources across their networks of SOCs and applying these techniques, leveraging the power of data and analytics, organizations can stay ahead of the adversary; this is the approach HPE has taken through its consulting practice.
As adoption of new cloud and mobile functionality continues to increase, the report points out that the edges of the network become even more blurred, while definitions of data ownership and breach responsibility continue to change. As this evolves, staffing and training remain the leading challenge for the modern SOC, paving the way for hybrid staffing models and hybrid infrastructures that require less in-house expertise. With this transformation, highly skilled security team members can be used for more specialized hunt- and analytics-focused work.
“There is no question this year has been both an exciting and challenging time to be in the field of cyber security. On one hand, it is disheartening to see the continued decline in the maturity and effectiveness of security operations, while, on the other, I know that we are in the middle of an exciting and transformative change in our field. You can feel it,” said Triolo. “We must go where the data leads us, and we believe that is to widen our definition of security operations to leverage analytics, data science, Big Data, and shared intelligence to become more effective in protecting today’s digital enterprise.”
To view the entire report, please go here.
Download the Infographic here.