Security Report: Finding the Right Balance of Automation and Human Interaction

HPEs State of Security Operations 2017 report reveals how quickly the cybersecurity landscape is changing and what you need to do to protect your enterprise

When it comes to cybersecurity, we are in the midst of very interesting times, said Matthew Shriner, VP Security Professional Services, HPE Security, in his letter introducing HPEs Fourth Annual State of Security Operations 2017 report.

There has never been a stronger connection between security initiatives and business goals, Shriner continued. The speed of organizations adoption of new innovations such as cloud, IoT and Big Data platforms is matched head-on by advancement of the attackers. The sophistication, agility and scale of attacks has made speed an imperative for any successful security operations center, and has led to a renewed focus on automation, real-time detection and response at scale.

Because of this changing cybersecurity landscape, the State of Security Operations 2017 report plays a vital role in assisting HPE and its customers in ensuring their security systems are meeting security challenges and business goals. For the report, more than 180 assessments were conducted in organizations around the globe, making it the largest data set of its kind in the industry.

The report found that more than a quarter of the security operation centers assessed are at minimal levels of effectiveness when it comes to cybersecurity. What that means, explained Kerry Matre, senior manager, Portfolio Marketing, HPE Security Products, is that many of these organizations use solutions that are ad hoc with nothing documented, or rely on a part-time security professionals rather than a full-time security team. Unfortunately, these organizations also believe that they are running at security operations capabilitywhen the fact is what they are doing is ineffective.

One of the trends that could be driving the low security ratings is that these organizations dont use real-time monitoring. What theyve done is moved away from real-time monitoring in favor of hunt teams and pure search and analytics technologies, Matre explained. Search technologies allow organizations to hunt and peck for one-off threats. The problem were finding is if they are only doing that without real-time protections, their maturity levels are very low. These organizations might not be attacked more often than more mature organizations, but when they are attacked, they are less effective at finding and responding to breaches.

On the other hand, organizations that use search technologies in addition to real-time monitoring increase in their maturity levels. These organizations have a hunt team that will find the one-off security threat and then feed information about the threat into their real-time monitoring solution to watch for further incidents.

The companies that turned to hunt team only threw out any maturity and processes they had, Matre said. It doesnt only affect technology in finding breaches, but it also affects staffing, which is one of the top challenges for security organizations. If you dont have repeatable processes that are documented, you dont have a way to hand off the information from one person to the next. Each new person has to come up with their own knowledge.

Staffing problemsincluding turnover and not having the right expertiseis another trend highlighted in the report. In response, organizations are turning to managed services to handle staffing solutions; however, using only a managed service provider is not the most effective method for security management.

What were seeing as most effective is a hybrid staffing solution, said Matre. Keep critical roles and risk assessment internal, but augment staff with a managed service provider. This is the most effective combination because it allows you to keep sensitive information within your organization without losing any functionality.

The HPE report tracked a new area this year: organizational size versus maturity. When it comes to security, bigger is not necessarily betterthe report found no correlation between organizational size and security maturity. Instead, what drives maturity are the goals of a security organization. For organizations that use security as a competitive differentiator or for market leadership, maturity is higherno matter the size.

And finally, the report found that while automation isnt the sole solution to achieving maturitythere is no silver bullet it can be a very effective solution when paired with the right human interaction. You still need a human for decision making and final risk assessments, said Matre. Organizations are trying to find a balance, and Im excited to see how that will evolve over the next year.

RELATED NEWS