HP revealed in the State of Security Operations 2014 report that 24% of assessed organizations did not meet the minimum requirements to provide consistent security monitoring.
In my previous blog post, I listed the top 5 mistakes security operations organizations are making. Here are an additional 5 mistakes as observed by our security intelligence and operations consulting (SIOC) group.
View mistakes #1-5 here.
#6 - Set it and forget it - Organizations often spend a lot of resources building up a security operations capability, but focus drops after the first goals are achieved. That focus must be sustained as a SOC matures in order to ensure it remains effective over time.
#7 - Advanced use cases not effectively operationalized - Advanced use cases are great... if you can tie them into your business processes to achieve the full benefit. Breakdowns in communication between the engineering teams that create the system content and the analysis teams who are expected to use that content will render use cases ineffective.
#8 - Lack of flexibility - Inflexible organizations will not be able to keep up with ever-evolving threats. Some areas of security operations should be rigid, repeatable, and measured while other areas should be flexible, adaptable, and nimble.
#9 - Inability to prioritize - It is difficult and costly to protect an entire organization. A successful SOC requires clear priorities determined by a risk-based approach.
#10 - Not learning from others - Informal and formal communities are being developed to help organizations share threat information and indicators of compromise (IOCs). SOCs that are not taking advantage of these communities will miss out on additional risk reduction for their organization.
Download the full report: hp.com/go/StateOfSecOps
HP recommends that organizations have a third-party security operations assessment performed once a year to benchmark current capabilities, confirm that the organization is achieving risk reduction, and show ROI on security investments. Click here to learn more.