Security operations centers sacrifice basics, leaving 82% with under target maturity levels and vulnerable to attack, according to the Palo Alto, Calif.-based Hewlett Packard Enterprise’s State of Security Operations Report 2017.

The report also revealed a well-defined SOC effectively monitors existing and emerging threats but a majority of organizations still struggle with a lack of skilled resources, as well as implementing and documenting the most effective processes.

HPE’s fourth annual report, which examines almost 140 SOCs in more than 180 assessments around the globe, analyzes the effectiveness of organizations’ SOCs, and offers best practices for mitigating cybersecurity risk.

“This year’s report showcases that while organizations are investing heavily in security capabilities, they often chase new processes and technologies, rather than looking at the bigger picture leaving them vulnerable to the sophistication and speed of today’s attackers,” Matthew Shriner, vice president, Security Professional Services for Hewlett Packard Enterprise said.

A balanced approach to cybersecurity incorporates the right people, processes and technologies, as well as correctly leveraging automation, analytics, real-time monitoring, and hybrid staffing models to develop a mature and repeatable cyberdefense program.

One of the key observations noted how the implementation of hunt teams to search for unknown threats has become a major trend in the security industry. However, even with hunt capabilities, performing analysis on historical logs, organizations cannot ignore real-time threats, Shriner explained. Organizations that added hunt teams to their existing real-time monitoring capabilities increased their maturity levels, but programs focused solely on hunt teams had an adverse effect.

Eighteen months ago, few financial institutions had a full-fledged hunt program, where trained cyber security expert studied historical data for hint of compromise. Shriner said, “This year a great preponderance of financial service organizations has hunt programs that they’ve either budgeted for or started building out capabilities, which is a significant change.”

Shriner also observed, “The collaboration as it relates to security in financial services institutions (such as sharing threat intel) tends to be much higher than with other industries.” Much of that is due to the Financial Services Information Sharing and Analysis Center. “You almost never see that with telecoms, manufacturing, they are hyper paranoid about protecting their IP.”

The size of the organization and its security strength also do not guarantee protection. Shriner pointed out some small firms are very good at it, many are not; some large firms are great at it, yet some of the highest profile breaches have been against firms with huge security budgets. “The smaller firms, whether it is a mom-and-pop shop or a smaller local financial institution, if they do not take the threat seriously, they will be compromised. The bad guys are counting on these smaller firms that don’t have this hyper acute sense of awareness.”

Other key report observations:

  • A shortage of security talent remains the number one concern for security operations, making automation a critical component of security. Nevertheless, advanced threats still require human investigation and risk assessments need human reasoning, making it imperative that organizations strike a balance between automation and staffing.
  • Organizations that keep risk management in-house, and scale with external resources, such as leveraging managed security services providers for co-staffing or in-sourcing, can boost their maturity and address the skills gap.


To help organizations achieve balance, HPE recommends mastering the basics of risk identification, incident detection, and response; periodically assessing the organizations’ risk management, security and compliance objectives ; and augmenting security capabilities.