State of Cyber Security – HP Enterprise Report

A new report on the State of Security Operations 2016 from Hewlett Packard Enterprise finds that there is a year over year decline in overall security operations center (SOC) maturity. Why the decline in maturity?  The problem is a lack of focus for IT organizations, treating the SOC as a project rather than an on-going process and data driven organization.  The SOC cannot be oriented to just “responding” to security issues with an ad-hoc approach.  It needs to provide more insight into the cyber-risk posture and operate in a proactive rather than a reactive fashion.

• The average SOC lacks basic security monitoring capabilities. Only 24% of organizations met the minimum requirements to provide security monitoring.
• 85% of organizations are not achieving the recommended security operations maturity levels—even lower than last year’s findings.
• Security operations people skills and effective processes are lagging with 25% of organizations operating in an ad-hoc fashion with undocumented process.  This is impacting the length of time it takes to identify and remediate issues.
• The “we’ve already been breached” way of thinking is changing how some IT security teams approach the problem by embracing big data security analytics solutions.
• 25% of cyber defense organizations failed to score a security operations maturity model (SOMM) level 1 and just 15% of assessed organizations have achieved the ideal composite maturity score of level 3.
• Organizations in industries that have numerous industry mandates and compliance regulations, such as financial services, are scoring below the median score for a “managed” environment.
• Organizations where the SOC is part of the IT operations group typically lack effective security monitoring and mitigation capabilities due to conflicting priorities with a focus on IT service availability and performance optimization.