CyberRes, a Micro Focus line of business, today published its annual State of Security Operations report, which provides insights into how enterprises are utilising security operations to modernise their business, secure the digital value chain and systematically address modern threats to achieve greater enterprise resiliency. Overall, the report found that the increased adoption of advanced security technologies and hybrid-cloud deployments was primarily driven by the need to navigate and manage an increasingly complex and expanding attack surface due to rapid workforce transformation driven by the COVID-19 pandemic.
The CyberRes 2021 State of Security Operations report offers a close look at the changes, trends, challenges, and strategies of security operations (SecOps) teams around the globe. The survey behind the report specifically references the experiences of over 500 security operations managers, executives, and decision makers from around the world, and aims to provide implications and real insights to CISOs, CIOs, and other IT leaders to better secure their enterprises.
The report’s key highlights illustrate that 85% of enterprises have increased their budget investment in security operations during the COVID-19 pandemic, 72% have increased their staffing and 79% have increased their adoption of advanced security technologies. The key reason cited for the increased investment was to address the complexity, scale, and impact to business operations through the rapidly growing attack surface, as the result of rapid workforce transformation. Along those same lines, security operations centers (SOCs) have increased their adoption of the cloud, with 95% now deploying their solutions in hybrid-cloud environments, a radical adoption rate fueled by the need to better manage security operations.
“The State of Security Operations report depicts a clearly defined pivot on how cyber plays a role in driving business modernisation, securing the digital value chain and driving digital transformation,” said Mark Fernandes, Global CTO, CyberRes. “SOCs of the future need to be resilient in combatting modern AI-led adversaries that do not rely on techniques of the past. The report shows that we are moving into an era of highly intelligent, counter-adversary centers that move the human analyst to the center of creative interpretation of threats, where machines assist in countering modern threat actors using ML, automation, cognitive and AI.”
Key CISO Insights
Key CISO highlights from the report include:
- SOC business prioritisation: 51% of respondents stated that they are prioritising efforts to build repeatable processes backed by Priority Intelligence Requirements (PIRs), rather than relying on generalised vendor-provided scoring, to align their SOCs with threat intelligence and better secure the value chain.
- SOC in an era of COVID: 85% of respondents increased monitoring controls as a response to COVID-related workforce transformation, as well as complex remote and SASE access requirements.
- Growing Complexity driving SOC priorities: 40% of respondents indicated that the primary challenge facing their current security operations teams is their struggle to address an increasingly complex attack surface.
- Modern adversaries are out-innovating traditional SOCs: 79% of respondents say their SOCs were required to increase adoption of advanced security technologies during COVID-19 to combat evolving threats. 36% of respondents indicated that, over the next 12 months, they are planning to adopt techniques powering resilient Security Operations, which are designed to address modern adversaries and threat actors. These techniques include signals, shellcode, and dynamic malware analysis, as well as more advanced endpoint, hunt, and response capabilities.
- Continuous readiness: 93% of respondents stated that red teaming (i.e., simulating the actions of an adversary) was essential to their security operations, with 72% conducting red teaming exercises at least twice per year to encourage constant vigilance.
Key UK-specific findings:
- UK SOC Investment: Due to COVID-19, 83% of UK SOCs have increased investment in security training; 71% in deploying technologies; 85% have changed the way they run security operations
- The UK’s top investment priority for threat intelligence is improving detection capabilities (50%), notably higher than the global average of 35%
- Top three challenges facing UK security teams:
  - Expanding workloads to cloud/hybrid environments (40%)
  - Monitoring security across a growing attack surface (38%)
  - Investigating/validating/prioritizing security incidents (36%)
- SecOps Migration: 78% of the UK’s cybersecurity operations are 50%+ cloud based, slightly below the global average of 81%