HPE’s “State of Security Operations 2017” report reveals how quickly the cybersecurity landscape is changing and what you need to do to protect your enterprise
“When it comes to cybersecurity, we are in the midst of very interesting times,” said Matthew Shriner, VP Security Professional Services, HPE Security, in his letter introducing HPE’s Fourth Annual “State of Security Operations 2017” report.
“There has never been a stronger connection between security initiatives and business goals,” Shriner continued. “The speed of organizations’ adoption of new innovations such as cloud, IoT and Big Data platforms is matched head-on by advancement of the attackers. The sophistication, agility and scale of attacks has made speed an imperative for any successful security operations center, and has led to a renewed focus on automation, real-time detection and response at scale.”
Because of this changing cybersecurity landscape, the “State of Security Operations 2017” report plays a vital role in assisting HPE and its customers in ensuring their security systems are meeting security challenges and business goals. For the report, more than 180 assessments were conducted in organizations around the globe, making it the largest data set of its kind in the industry.
The report found that more than a quarter of the security operations centers assessed are at minimal levels of effectiveness when it comes to cybersecurity. “What that means,” explained Kerry Matre, senior manager, Portfolio Marketing, HPE Security Products, “is that many of these organizations use solutions that are ad hoc with nothing documented, or rely on part-time security professionals rather than a full-time security team. Unfortunately, these organizations also believe that they are running at security operations capability—when the fact is what they are doing is ineffective.”
One of the trends that could be driving the low security ratings is that these organizations don’t use real-time monitoring. “What they’ve done is moved away from real-time monitoring in favor of hunt teams and pure search and analytics technologies,” Matre explained. Search technologies allow organizations to “hunt and peck” for one-off threats. “The problem we’re finding is if they are only doing that without real-time protections, their maturity levels are very low.” These organizations might not be attacked more often than more mature organizations, but when they are attacked, they are less effective at finding and responding to breaches.
On the other hand, organizations that use search technologies in addition to real-time monitoring increase in their maturity levels. These organizations have a hunt team that will find the one-off security threat and then feed information about the threat into their real-time monitoring solution to watch for further incidents.
“The companies that turned to hunt team only threw out any maturity and processes they had,” Matre said. “It doesn’t only affect technology in finding breaches, but it also affects staffing, which is one of the top challenges for security organizations. If you don’t have repeatable processes that are documented, you don’t have a way to hand off the information from one person to the next. Each new person has to come up with their own knowledge.”
Staffing problems—including turnover and not having the right expertise—are another trend highlighted in the report. In response, organizations are turning to managed services to handle staffing solutions; however, using only a managed service provider is not the most effective method for security management.
“What we’re seeing as most effective is a hybrid staffing solution,” said Matre. “Keep critical roles and risk assessment internal, but augment staff with a managed service provider. This is the most effective combination because it allows you to keep sensitive information within your organization without losing any functionality.”
The HPE report tracked a new area this year: organizational size versus maturity. When it comes to security, bigger is not necessarily better—the report found no correlation between organizational size and security maturity. Instead, what drives maturity are the goals of a security organization. For organizations that use security as a competitive differentiator or for market leadership, maturity is higher—no matter the size.
And finally, the report found that while automation isn’t the sole solution to achieving maturity—there is no silver bullet—it can be a very effective solution when paired with the right human interaction. “You still need a human for decision making and final risk assessments,” said Matre. “Organizations are trying to find a balance, and I’m excited to see how that will evolve over the next year.”