An organization’s security operations center (SOC) is supposed to be the main line of defense against cyber attacks, but according to a new report from Hewlett Packard Enterprise (HPE), more than 80% of SOCs today aren’t doing enough to protect their organizations.
HPE’s fourth-annual State of Security Operations Report, which analyzes the effectiveness of organizations’ SOCs and offers best practices for fighting cybersecurity risks, looked at more than 140 SOC operations worldwide, accounting for the people, technology and business capabilities of each to determine their security risks.
The report found that 82% of companies aren’t maturing fast enough to meet today’s digital threats, with a shortage of skilled personnel and a lack of effective processes for tackling attacks listed by HPE as the most prominent issues.
“This year’s report showcases that while organizations are investing heavily in security capabilities, they often chase new processes and technologies, rather than looking at the bigger picture, leaving them vulnerable to the sophistication and speed of today’s attackers,” said Matthew Shriner, VP of security professional services for Hewlett Packard Enterprise. “Successful security operations centers are excelling by taking a balanced approach to cybersecurity that incorporates the right people, processes and technologies, as well as correctly leverages automation, analytics, real-time monitoring, and hybrid staffing models to develop a mature and repeatable cyber defense program.”
The report also found that some organizations are trying to make up for the lack of educated cybersecurity talent with automation, a tactic that ignores the need for the human reasoning required for effective investigations and risk assessments. “Given the shortage of security talent, this approach resonates with a number of security leaders. The reality of how this plays out is not as clear cut or beneficial as it sounds,” the report reads.
The HPE report also found that hybrid solutions, which aim to keep risk management in house but scale cybersecurity with external sources (like managed security service providers) for staffing, have proven beneficial for many organizations.
Overall, businesses need to better master the basics of incident detection and response and of identifying risks to their companies; automate where possible, but not rely solely on automation for their cybersecurity; and assess their organization’s cyber risk regularly.
“As organizations continue to build and advance SOC deployments alongside the evolving adversary landscape, a solid foundation based on the right combination of people, processes and technology is essential,” the report reads.