Mature security and operations (SecOps) programs require comprehensive, repeatable processes that link teams and technology together to drive success, according to the "2019 Security Operations Maturity Report" from security orchestration, automation and response (SOAR) platform provider Siemplify.
Key findings from Siemplify's report included:
- Managed security services was the top sector in terms of SecOps maturity, followed by the public sector.
- A lack of trained staff was the most common challenge among SecOps professionals, followed by poor correlation and orchestration among processes and technologies.
- Roughly 50 percent of all study respondents have "tiered" security operations centers (SOCs) composed of different analyst levels.
- 25 percent of staff in low-maturity SecOps programs possess coding or scripting skills, compared to 40 percent in high-maturity programs.
- 16 percent of SecOps programs have reached peak maturity.
- The average SecOps team member handles 3.5 functions.
In addition, Siemplify offered the following recommendations to help organizations address SecOps challenges:
- Allocate time and resources to identify and understand SecOps requirements.
- Maintain an accurate inventory of SecOps program people, processes, tools and maps.
- Choose a SecOps program structure that complements an organization's overall strategy.
- Emphasize collaboration across people, processes and technology.
- Leverage playbooks and relevant use cases to streamline monitoring and response processes.
- Deploy security information and event management (SIEM) technology to drive proactive threat detection and analysis.
- Use a SOAR solution to improve SecOps efficiency.
As organizations search for ways to alleviate SecOps challenges, MSSPs can help, too. MSSPs can provide SIEM, SOAR and other solutions to help organizations address cyberattacks, as well as offer insights and guidance that enable organizations to develop mature SecOps programs.