2019 State of Security Operations: SOCs Worldwide Struggle to Balance Evolving Requirements with Emerging Constraints

Newly Released Study Indicates That Inability to Secure Budget and Attract Skilled Staff are Among Top Barriers to Success for Security Operations Teams

23 September 2019

SANTA CLARA, CA - Micro Focus (LSE: MCRO; NYSE: MFGP) today announced its 2019 State of Security Operations Update, which reveals the latest trends, success factors, and best practices for security operations (SecOps) teams. This report builds on intelligence gathered by the Micro Focus Security Intelligence and Operations Consulting team, which since 2008 has assessed the capability and maturity of more than 150 discrete SOCs across 33 countries on six continents. The report indicates that SecOps continues to grow in importance but is evolving as market dynamics change.

Data breach reports have increased by more than 50 percent since 2018 [i], and Micro Focus' latest research indicates that there is a gap across Security Operation Centers (SOCs) globally in how best to protect organizations from bad actors that are employing increasingly sophisticated tactics to access high-value information and systems from both inside and outside of their organizations.

"With 4.1 billion compromised records exposed in more than 3,800 publicly disclosed breaches in just the first six months, 2019 is on course to be a record-setting year for data breaches," said Michael Mychalczuk, Director of Product Management, Security Operations at Micro Focus. "Our assessment of top-performing SOCs reflects that, as with any challenge, you should start with the basics. Establish a strong foundation with a proven security information and event management (SIEM) system, well-trained people, standardized processes, and clear business alignment."

Key observations include:

  • The War for Talent. Companies are increasingly competing for scarce skilled security professionals. In the 2019 SANS SOC survey, 58 percent of respondents said that the top barrier to SOC excellence is the lack of skilled staff [ii]. SOC leaders should clearly communicate career development opportunities, offer training and certification, and ensure sufficient support to handle workload.
  • The Battle for Budget. 60 percent of SOCs reported that they outsourced SecOps functions for the cost savings [iii]. Industry-wide pressure to cut costs is resulting in a lack of investment in SecOps. To address this challenge, SOCs need to clearly demonstrate the value of their work by documenting and reporting on their success in protecting valuable company assets.
  • Establishing Solid Protocols. The absence of documented protocols and processes is threatening productivity and sustainability. When a skilled employee who has protocols memorized but not documented leaves, the remaining staff must reinvent the wheel. SOCs should use an adaptable, integrated process and procedure management system.
  • Technology to the Rescue. New technologies such as artificial intelligence (AI), machine learning (ML), user and entity behavioral analytics (UEBA), and security orchestration and automation (SOAR) tools are growing in popularity, and SecOps leaders are hoping these tools will alleviate many SOC challenges. To maximize the value of these new technologies, SOCs must first identify relevant security use cases and then select the right tools to meet them head-on.
  • Alignment on the Mission. Many SOCs assessed in this report did not have a defined mission. Often this meant that there was a lack of visibility and understanding of which business assets (users, applications, data, etc.) were the most important for the SOC to protect. To align security staff with the goals of the business, SOCs must not only define a mission, but clearly and frequently communicate it throughout the organization.

As threats evolve, so too must cyber defense capabilities. Looking to the future, organizations must begin building next-generation SOCs. These mature SOCs will employ an arsenal that will not only include core capabilities such as log and security event management, but will also integrate threat hunting, AI and ML, UEBA, SOAR and other advanced technologies that will close defensive gaps and improve efficiency in detection, investigation and response.

The Micro Focus 2019 State of Security Operations Update is available today.


 

[i] Source: “Cyber Risk Analytics: 2019 Midyear QuickView Data Breach Report,” Cyber Risk Analytics, July 2019

[ii] Source: “Common and Best Practices for Security Operations Centers: Results of the 2019 SOC Survey,” Chris Crowley and John Pescatore, July 2019

[iii] Source: “Improving the Effectiveness of the Security Operations Center,” Ponemon Institute LLC, June 2019


About Micro Focus
Micro Focus helps organizations run and transform their business through four core areas of digital transformation: Enterprise DevOps, Hybrid IT Management, Predictive Analytics and Security, Risk & Governance. Driven by customer-centric innovation, our software provides the critical tools they need to build, operate, secure, and analyze the enterprise. By design, these tools bridge the gap between existing and emerging technologies—enabling faster innovation, with less risk, in the race to digital transformation.
