An annual study from enterprise software company Micro Focus has shown progress in the security maturity of organizations, but much more work remains. According to the fifth annual State of Security Operations Report 2018, there has been a 10 percent improvement in organization’s ability to meet security-related business goals. According to the study, about 25 percent of organizations assessed meet those goals.
According to the report, enterprises are starting to reap some operational benefits from their security investments, including an average 8 percent improvement within the people and processes aspects of their security program.
The Micro Focus State of Security Operations Report is based on the findings of 200 assessments of 144 discreet organizations, during the past five years, with security operations centers from 33 countries. According to Micro Focus, the report includes organizations in the public and private sectors, enterprises across industry verticals, as well as managed security service providers.
According to Micro Focus, key findings include:
- SOCs are quickly shifting to co-managed operations. This approach has allowed cyber defense programs to overcome the greatest challenge: a global shortage of cyber security talent. By setting up an operational relationship with a partner that includes regular interactions, SOC leaders can narrowly focus on the assets they want to protect and work with the partner operationally to perform the technology integration to make it happen.
- SOCs running short on personnel are adopting security orchestration, automation, and response (SOAR) solutions. Organizations are investing in automating security incident investigation and management toolsets, and with deliberate implementation goals in mind, are experiencing positive results. The concept is sound, yet adoption is slow due to operational knowledge gaps.
- Private sector organizations are systematically investing in the development of fusion centers. In its initial form, fusion centers took the “One SOC to Rule Them All” approach. This model continues to serve decentralized organizations well along with those that have grown quickly through M&A activity. Over the past year, fusion centers have evolved into combined disciplines that most organizations would deliberately separate in the past. The new form includes fusion centers that are preparing to combine data security monitoring & incident response and compliance reporting for GDPR.
- The use of deception grids and impact on operations maturity has increased over the last year. It is because of the shift in the economy of an attack that deception grid solutions can be very attractive. Misinformation about target systems can alter the findings of scripted reconnaissance and cause attackers to deploy resources that are ineffective on the target system. Organizations are also starting to learn much about the attacker and the target of their campaign by analyzing the behavior of the attacker in the deception-oriented environment.
“Over the last five years, we have watched organizations attempt to achieve a complete security transformation by applying Band-Aids – such as the purchase of peripheral products or dismantling of solutions – only to find poor results and poor business alignment,” Matthew Shriner, vice president, Security Professional Services for Micro Focus said in this news release.
Unlike surveys that focus on how respondents perceive their own security maturity levels (no one would overestimate themselves, would they?), the Micro Focus State of Security Operations Report is based on their Security Operations Maturity Model, which uses a five-point scale – a score of “0” is given for a complete lack of capability while a “5” is given for a capability that is consistent, repeatable, documented, measured, tracked, and continually improved upon. The ideal composite maturity score for a modern enterprise is “3.”