Siemplify today released the 2019 Security Operations Maturity Report, revealing critical insights and trends into the state of SecOps, from size and structure of programs to key challenges and growth initiatives.
Based on a survey of more than 250 security operations practitioners working at enterprises and managed security service providers (MSSPs), who were asked to assess a litany of subjects related to their responsibilities, impediments and needs, the report presents a comprehensive portrait of the nexus between cybersecurity infrastructure – the operations – and the personnel responsible for ensuring its efficiency and effectiveness.
Arguably most notable is that the study includes respondents' perspective on where they see their SecOps programs – and the individual functions that constitute them – stacking up in terms of maturity, as well as what defines success and how to forge a path forward.
“The results of this report present the story of security operations and how it is still a long way from being fully written,” said Wade Baker, founder of Cyentia Research, commissioned to conduct the study. “A number of factors – some more obvious than others – are influencing the success of SecOps programs and the practitioners who work within them, and we sought to quantify those and help shed some light on where they see things now and where they may go from here.”
Of the respondents surveyed, only 20% indicated that their SecOps programs have reached the highest maturity level. The majority reported that they are just starting their maturity journey or only midway through it. Of verticals, MSSPs expectedly ranked highest in terms of SecOps maturity, while not-so-predictably the traditionally regulated industries of healthcare and finance rated near the bottom.
Other key security operations trends revealed in the report include:
Not all SecOps programs are created equal: For example, over half of financial firms report having 10 or more SecOps staff, but only 14% in the health care sector have that level of resources.
Tiered structure tapering: A little over half of respondents work in traditional ‘tiered’ security operations centers (SOCs), which are made up of different analyst levels. The rest form teams of mixed roles and experience.
Structure influences strategy: Programs with a ‘tiered’ structure stress optimizing and managing tools. Those organized by ‘teams’ emphasize improving people and processes.
Teams are busy and broadly tasked: The average SecOps staff member handles 3.5 major functions, with some taking on as many as 12. Counterintuitively, those in larger firms wear more hats than their SMB counterparts.
Coding matters: 25% of staff in lower-maturity SecOps programs possess coding or scripting skills compared to 40% in higher-maturity programs.
Functions not evenly distributed: SecOps use cases like event monitoring, vulnerability management and incident response are experiencing the widest adoption among functions. Meanwhile, specializations such as threat hunting are four times less common in SMBs.
Challenges span people, processes and technology: The most common SecOps challenge experienced by respondents was lack of trained staff. Poor correlation and orchestration among processes and technologies was a close second.
Overall, the responses yielded one clear message: SecOps maturity is about robust, documented, repeatable processes that tie technology, teams and their respective functions together to drive success.
“We already know that an overload of security alerts, reliance on manual processes and – of course – the global skills epidemic are all combining to cause chaos within IT and security departments,” said Nimmy Reichenberg, chief marketing officer at Siemplify. “But this report goes deeper and gets more personal to help us understand what security operations professionals are feeling, how their programs are being challenged and what the future holds.”
The complete report is now available for download. Siemplify and Cyentia will also be hosting a webinar on July 23 to discuss key takeaways from the report.
Siemplify, the leading independent security orchestration, automation and response (SOAR) provider, is redefining security operations for enterprises and MSSPs worldwide. The Siemplify platform is an intuitive workbench that enables security teams to manage their operations from end to end, respond to cyberthreats with speed and precision, and get smarter with every analyst interaction. Founded in 2015 by Israeli Intelligence experts with extensive experience running and training security operations centers worldwide, Siemplify has raised $58 million in funding to date and is headquartered in New York, with offices in Tel Aviv. Visit us at siemplify.co or follow us on Twitter at @Siemplify.