Lack of security basics creates vulnerability, says HPE


Thursday, 19 January, 2017

Lack of security basics creates vulnerability, says HPE

A new report from Hewlett Packard Enterprise (HPE) shows that a large percentage of organisations are vulnerable to cyber threats.

The fourth annual State of Security Operations Report 2017 provides analysis of the security operations centres (SOCs) within organisations, as well as best practice to minimise cybersecurity risk.

Findings suggest that 82% of SOCs are falling below target maturity levels, leaving them open in the event of an attack.

“This year’s report showcases that while organisations are investing heavily in security capabilities, they often chase new processes and technologies, rather than looking at the bigger picture, leaving them vulnerable to the sophistication and speed of today’s attackers,” HPE South Pacific Regional Sales Director, Security Software Matthew Hanmer said.

“Successful security operations centres are excelling by taking a balanced approach to cybersecurity that incorporates the right people, processes and technologies, as well as correctly leveraging automation, analytics, real-time monitoring and hybrid staffing models to develop a mature and repeatable cyber defence program.”

The report examines nearly 140 SOCs in more than 180 assessments around the globe. Each SOC is measured on the HPE Security Operations Maturity Model (SOMM) scale that evaluates the people, processes, technology and business capabilities that comprise a security operations centre.

A SOC that is well-defined, subjectively evaluated and flexible is recommended for the modern enterprise to effectively monitor existing and emerging threats. However, the majority of organisations are still struggling with a lack of skilled resources, as well as implementing and documenting the most effective processes.

Observations from the report include:

  • SOC maturity decreases with hunt-only programs. The implementation of hunt teams to search for unknown threats has become a major trend in the security industry.
  • Complete automation is an unrealistic goal. A shortage of security talent remains the number one concern for security operations, making automation a critical component for any successful SOC. However, advanced threats still require human investigation and risk assessments need human reasoning, making it imperative that organisations strike a balance between automation and staffing.
  • Focus and goals are more important than size of organisation. There is no link between the size of a business and the maturity of its cyber defence centre.
  • Hybrid solutions and staffing models provide increased capabilities. Organisations that keep risk management in-house, and scale with external resources, such as leveraging managed security services providers (MSSPs) for co-staffing or in-sourcing, can boost their maturity and address the skills gap.

As organisations continue to build and advance SOC deployments alongside the evolving adversary landscape, a solid foundation based on the right combination of people, processes and technology is essential. HPE recommends mastering the basics of risk identification, incident detection and response before leveraging new methodologies such as hunt teams, automating tasks where possible but understanding the importance of human interaction; periodic assessments of risk management; and adopting hybrid staffing where organisations are unable to add staff to augment security capabilities.

Image credit: ©stock.adobe.com/au/Monsitj

Follow us on Twitter and Facebook

Related News

Digital trust leaders outperform their peers: research

Companies categorised as leaders in implementing digital trust strategies are reaping the...

IT decision-makers believe AI is key to protect against cyber threats: report

According to reseach, 40% of Australian IT decision-makers believe the use of AI will help them...

New Relic upgrades app security testing suite

The New Relic Interactive Application Security Testing solution has been upgraded with new...


  • All content Copyright © 2024 Westwick-Farrow Pty Ltd