Not all security operations centers (SOCs) are on the same page about how best to protect organizations from bad actors, Micro Focus said in its 2019 State of Security Operations Update.
Many struggle to balance changing requirements with emerging constraints. Micro Focus’ report, which builds on intelligence gathered by the security provider’s intelligence and operations consulting team, indicates that security operations (SecOps) is growing in importance while evolving to stay abreast of changing market dynamics.
An expected gap exists across SOCs globally on how best to protect organizations from bad actors that are employing increasingly sophisticated tactics to breach systems both internally and externally to pilfer high-value information, the company said. "With 4.1 billion compromised records exposed in more than 3,800 publicly disclosed breaches in just the first six months, 2019 is on course to be a record-setting year for data breaches," said Michael Mychalczuk, Director of Product Management, Security Operations at Micro Focus. "Our assessment of top-performing SOCs reflects that, as with any challenge, you should start with the basics. Establish a strong foundation with a proven security information and event management system, well-trained people, standardized processes, and clear business alignment."
Some key take-aways from the study include:
- Talent gap. The lack of skilled security professionals on staff remains a top barrier to SOC performance. One remedy: SOC leaders should clearly communicate career development opportunities, offer training and certification, and ensure sufficient support to handle workload.
- Budget constraints. Industry-wide pressure to cut costs is resulting in a lack of investment in SecOps. A fix: SOCs need to clearly demonstrate the value of their work by documenting and reporting on their success in protecting valuable company assets.
- Documentation. The turnover of a skilled employee who has protocols memorized but not documented causes the remaining staff to reinvent the wheel. An answer: SOCs should use an adaptable, integrated process and procedure management system.
- New technologies. SecOps leaders are hoping artificial intelligence (AI), machine learning (ML), user and entity behavioral analytics (UEBA), and security orchestration and automation (SOAR) tools will alleviate many SOC challenges. Stay ahead of the curve: SOCs must first identify relevant security use cases and then select the right tools to meet them head-on.
- Clear visibility. Many SOCs suffer from a lack of visibility and understanding of which business assets (users, applications, data, etc.) are the most important to protect. The task: SOCs must not only define a mission, but clearly and frequently communicate it throughout the organization.
What does the future hold? Organizations must begin building next-generation SOCs that integrate threat hunting, AI and ML, UEBA, SOAR and other advanced technologies with core capabilities to “close defensive gaps and improve efficiency in detection, investigation and response.”