Security Operations Centers Evolve Amid COVID-19, Hybrid Workforce Era
Nearly eight in 10 security operations centers (SOCs) have ramped up their adoption of advanced security technologies, while close to every organization in a new study now uses hybrid cloud deployments for security operations management.
Both trends have been driven by the need to navigate and manage an increasingly complex and expanding attack surface resulting from the pandemic-caused move to remote working, CyberRes, which operates as a Micro Focus line of business, said in its newly released 2021 State of Security Operations report. The study’s findings are based on the input of 500 security operations managers, executives and decision makers worldwide.
Here are some top-line highlights from the study:
- 85% of enterprises have increased their budget investment in security operations during the COVID-19 pandemic, 72% have increased their staffing and 79% have increased their adoption of advanced security technologies.
- 95% of SOCs now deploy their solutions in hybrid-cloud environments, a spike fueled by the need to better manage security operations.
“SOCs of the future need to be resilient in combating modern AI-led adversaries that do not rely on techniques of the past,” said Mark Fernandes, CyberRes global chief technology officer. “The report shows that we are moving into an era of highly intelligent, counter-adversary centers that move the human analyst to the center of creative interpretation of threats, where machines assist in countering modern threat actors using [machine learning], automation, cognitive and [artificial intelligence].”
Additional findings from the report:
- 51% of respondents are prioritizing efforts to build repeatable processes backed by priority intelligence requirements (PIRs), rather than relying on generalized vendor-provided scoring, to align their SOCs with threat intelligence and better secure the value chain.
- 85% of respondents increased monitoring controls as a response to COVID-related workforce transformation, as well as complex remote and secure access service edge requirements.
- 40% of respondents said the primary challenge facing their current security operations teams is addressing an increasingly complex attack surface.
- 79% of respondents said their SOCs were required to increase adoption of advanced security technologies during COVID-19 to combat evolving threats.
- 36% of respondents plan to adopt techniques powering resilient security operations over the next 12 months to address modern adversaries and threat actors. The techniques include signals, shellcode and dynamic malware analysis, and advanced endpoint, hunt and response capabilities.
- 93% of respondents said red teaming was essential to their security operations.
- 72% conduct red teaming exercises at least twice per year to encourage constant vigilance.