Hewlett Packard Enterprise Finds Security Operations Centers Lack Maturity and Skilled Professionals in 2016 State of Security Operations Report
Organizations that master the basics of security detection, escalation and response place themselves ahead of the curve
PALO ALTO, Calif., January 19, 2016 – Hewlett Packard Enterprise (HPE) today published its third annual State of Security Operations Report 2016, highlighting the critical role security operations centers (SOCs) play in protecting today’s digital enterprise. As organizations face an increasingly volatile threat landscape, the report assesses SOC maturity levels to help organizations improve their security posture and understand the components of a successful security operations organization.
Published by HPE Security Intelligence and Operations Consulting (SIOC), the report examines 114 SOCs in more than 150 assessments around the globe and measures four areas of performance: people, processes, technology and business function. This year’s report indicates that security operations maturity remains well below optimal levels, with 85 percent of assessed organizations falling below recommended maturity levels.1 While this number is alarmingly high, it accounts for the influx of new SOCs that enterprises are building to address evolving security challenges. These findings also demonstrate the need for organizations to strike the right performance balance across all areas of the SOC, from the foundation up.
“Organizations are investing heavily in cyber security, but the lack of skilled resources and the deployment of advanced solutions without a solid SOC foundation in place remain top concerns,” said Chris Triolo, Vice President of Security Product Global Services at Hewlett Packard Enterprise. “To build a successful SOC, we recommend a holistic approach to security operations that includes mastering the basics of security monitoring, incident detection, and breach escalation and response, leveraging skilled resources from managed security services for complete or blended support, as well as implementing advanced data science, analytics and shared intelligence to more effectively protect the digital enterprise.”
- Access to skilled security resources remains the top concern of organizations. To combat personnel shortages, enterprises are implementing hybrid staffing and hybrid security infrastructure models that require less in-house expertise, while still delivering on detection capabilities.1
- The average SOC lacks basic security monitoring capabilities. In 2015, 24 percent of assessed organizations only met minimum requirements to provide security monitoring, which translates to a lack of documentation with actions being executed on an ad hoc basis.1
- Business functions of SOCs are improving. This year’s report shows that SOC professionals have improved their ability to prioritize critical business needs and allocate necessary personnel and technology resources. In the past, the majority of organizations invested heavily in technology solutions for the SOC without the support required to maximize the ROI of such tools. A continuous investment into all facets of a cyber-defense organization is necessary to achieve and maintain optimal maturity.1
- Modern SOCs are implementing the latest security trends including hunt teams, deception grids, and data analytics-driven security. Organizations moving to fifth-generation (5G/SOC) security operations are best equipped to recognize the changing threat landscape and approach security holistically.1
- Internet of Things (IoT) security monitoring is raising capabilities for businesses. Organizations in the energy and healthcare sectors that implemented smart meter monitoring and medical device monitoring, respectively, had higher maturity levels.1
Implications & Recommendations
HPE continues to find that the majority of cyber defense organizations’ operations remain below target maturity levels. A continual focus on mastering the basics and creating a solid foundation of risk identification, incident detection, breach escalation and response is key to effectiveness. Benefits from advanced analytics capabilities and threat intelligence will only be realized if a strong security operations framework exists. A single product or service will not provide the protection and operational awareness that organizations need. Instead, organizations must focus on a continuous investment in their cyber security posture that encompasses people, process, technology and business function to effectively mitigate risks.
The methodology for assessments is based on HPE’s security operations maturity model (SOMM), which focuses on multiple aspects of a successful and mature security intelligence and monitoring capability including people, process, technology, and business functions. The SOMM uses a five-point scale – a score of “0” is given for a complete lack of capability while a “5” is given for a capability that is consistent, repeatable, documented, measured, tracked, and continually improved upon. The ideal composite maturity score for a modern enterprise is “3”, while managed security service providers (MSSPs) should target a maturity level between “3” and “4”. The reliable detection of malicious activity and threats to the organization, and a systematic approach to manage those threats are the most important success criteria for a mature cyber defense capability.
The full methodology is detailed in the report.
About HPE Security
HPE Security helps organizations detect and respond to cyber threats while safeguarding continuity and compliance to effectively mitigate risk and incident impact. Delivering an integrated suite of market-leading products, services, threat intelligence and security research, HPE Security helps customers proactively protect the interactions among users, applications and data, regardless of location or device. With a global network of security operations centers and more than 5,000 IT security experts, HPE Security empowers customers and partners to safely operate and innovate while keeping pace with the speed of today’s idea economy. Find out more about HPE Security at https://www.hpe.com/us/en/solutions/security.
Join HPE Software on LinkedIn and follow @HPE_Software on Twitter. To learn more about HPE Enterprise Security products and services on Twitter, please follow @HPE_Security and join HPE Enterprise Security on LinkedIn.
About Hewlett Packard Enterprise
Hewlett Packard Enterprise is an industry-leading technology company that enables customers to go further, faster. With the industry’s most comprehensive portfolio, spanning the cloud to the data center to workplace applications, our technology and services help customers around the world make IT more efficient, more productive and more secure. More information about HPE (NYSE:HPE) is available at https://www.hpe.com.
1. “State of Security Operations Report 2016” HPE Security Intelligence and Operations Consulting (SIOC), January 2016.
This document contains forward-looking statements within the meaning of the safe harbor provisions of the Private Securities Litigation Reform Act of 1995. Such statements involve risks, uncertainties and assumptions. If such risks or uncertainties materialize or such assumptions prove incorrect, the results of Hewlett Packard Enterprise could differ materially from those expressed or implied by such forward-looking statements and assumptions. All statements other than statements of historical fact are statements that could be deemed forward-looking statements, including any statements of the plans, strategies and objectives of Hewlett Packard Enterprise for future operations; other statements of expectation or belief; and any statements of assumptions underlying any of the foregoing. Risks, uncertainties and assumptions include the possibility that expected benefits may not materialize as expected and other risks that are described in Hewlett Packard Enterprise’s filings with the Securities and Exchange Commission, including but not limited to the risks described in Hewlett Packard Enterprise’s Registration Statement on Form 10 dated July 1, 2015, as amended August 10, 2015, September 4, 2015, September 15, 2015, September 28, 2015 and October 7, 2015. Hewlett Packard Enterprise assumes no obligation and does not intend to update these forward-looking statements.