Security Operations Center Research Reveals SOC Trends, Gaps
Many security operations centers (SOCs) can detect cyber threats and recover from breaches faster than ever before, according to a study of 144 SOCs conducted by enterprise software company Micro Focus.
Key findings from the Micro Focus “State of Security Operations 2018 Report” included:
- Cyber defense programs from two thirds of SOCs across all industries experienced median maturity improvement in 2017.
- Over the last five years, 25 percent of SOCs met business goals and worked toward or achieved recommended maturity levels.
- On average, SOCs reported an 8 percent improvement across people and processes.
Comparatively, 20 percent of cyber defense organizations assessed over the past five years operated “in an ad-hoc manner with undocumented processes and significant cracks in security and risk management,” Micro Focus said. These organizations failed to score a security operations maturity model (SOMM) level 1, which translates to a complete lack of capability.
A Closer Look at Cyber Defense Trends
Micro Focus identified several cyber defense trends for organizations, and these trends included:
- Shifting to co-managed operations in partnership with MSSPs and other third-party vendors to overcome a global shortage of cybersecurity talent.
- Rapidly adopting security orchestration, automation and response (SOAR) solutions.
- Investing in the development of “security fusion centers” that promote operational overlap across data security and compliance, monitoring for insider threats and privileged access through behavioral analytics, correlating physical security and cybersecurity data and building consolidated operations and incident response for threat hunting, threat intelligence and IT operations.
The cyber detection and response capabilities of organizations are evolving, Micro Focus indicated. However, there is still no quick-fix solution that provides organizations with the cyber protection and operational awareness they need to combat all cyberattacks, at all times.
How Can Organizations Address Cyber Threats?
Building operational relationships with MSSPs and other third-party vendors to co-manage security solutions is key, according to Micro Focus. These relationships enable organizations to work with cybersecurity experts to address cyber threats without significant time and resource investments.
Security operations programs also require risk management assessments and compliance objectives, Micro Focus noted. Furthermore, organizations must fine-tune their cybersecurity solutions to safeguard their sensitive data against cyber threats.
In addition, organizations should establish a narrow scope for their risk management assessments and compliance objectives and start small, Micro Focus recommended. This approach enables organizations to build their cybersecurity capabilities over time and discover the best ways to quickly detect cyberattacks and manage breaches.