CS1701
security operations centres
CENTRE OF ATTENTION
SECURITY OPERATIONS CENTRES - SOCS - ARE ALL THE RAGE, IT SEEMS. BUT THEIR REPUTATION HAS BEEN QUESTIONED, WITH REPORTS THEY ARE FALLING SHORT OF TARGET MATURITY LEVELS
With increased pressure to rapidly innovate and align security initiatives with business goals, security operations centres (SOCs) provide the foundation for how organisations protect their most sensitive assets, and detect and respond to threats. However, recent findings show that the majority of SOCs are falling below target maturity levels, leaving organisations vulnerable in the event of an attack.
This is according to Hewlett Packard Enterprise (HPE), which has just published its fourth annual 'State of Security Operations Report' (2017), providing deep analysis on the effectiveness of organisations' SOCs and best practices for mitigating risk in the evolving cybersecurity landscape.
Published by HPE Security Intelligence and Operations Consulting (SIOC), the report examines nearly 140 SOCs in more than 180 assessments around the globe. Each SOC is measured on the HPE Security Operations Maturity Model (SOMM) scale that evaluates the people, processes, technology and business capabilities that comprise a security operations centre. A SOC that is well defined, subjectively evaluated and flexible is recommended for the modern enterprise to effectively monitor existing and emerging threats; however, 82% of SOCs are failing to meet these criteria and falling below the optimal maturity level, claims HPE. "While this is a 3% improvement year-over-year, the majority of organisations are still struggling with a lack of skilled resources, as well as implementing and documenting the most effective processes," the company states.
"This year's report showcases that, while organisations are investing heavily in security capabilities, they often chase new processes and technologies, rather than looking at the bigger picture, leaving them vulnerable to the sophistication and speed of today's attackers," says Matthew Shriner, vice president, Security Professional Services, Hewlett Packard Enterprise. "Successful security operations centres are excelling by taking a balanced approach to cybersecurity that incorporates the right people, processes and technologies, as well as correctly leverages automation, analytics, real-time monitoring, and hybrid staffing models to develop a mature and repeatable cyber defence programme."
STRONG CONNECTION
There has never been a stronger connection between security initiatives and business goals, adds Shriner. "The speed of organisations' adoption of new innovations such as cloud, IoT and big data platforms is matched head-on by advancement of the attackers. The sophistication, agility and scale of attacks has made speed an imperative for any successful security operations centre and has led to a renewed focus on automation, real-time detection and response at scale.
"Along with this focus, we are continuing to see a struggle to find and maintain skilled resources necessary to run security operations. Automation and outsourcing have been utilised to ease this burden with varying degrees of success. Throughout our assessments, performed on six continents, we have seen a multitude of SOC people, process, and technology configurations. Our
computing security Jan/Feb 2017 @CSMagAndAwards www.computingsecurity.co.uk