Protect Your Assets
Showing results for 
Search instead for 
Do you mean 

5 MORE reasons why Security Operations Organizations are ineffective

Kerry_Matre ‎02-03-2014 08:29 AM - edited ‎06-09-2015 11:34 AM

HP revealed in the State of Security Operations 2014 report that 24% of assessed organizations did not meet the minimum requirements to provide consistent security monitoring.


In my previous blog, I listed the top 5 mistakes security operations organizations are making.  Here are an additional 5 mistakes as observed by our security intelligence and operations consulting (SIOC) group.


View mistakes #1-5 here.


#6 - Set it and forget it- Organizations often spend a lot of resources building up a security operations capability but focus drops after the first goals are achieved.  Continuity of focus must continue as a SOC ages in order to ensure effectiveness overtime.


#7 - Advanced use cases not effectively operationalized - Advanced use cases are great...if you can tie them into your business processes to achieve the full benefit. Breakdowns in communication between engineering teams that create the system content and analysis teams who are expected to use the content will cause use cases to be ineffective.


#8 - Lack of flexibility - Inflexible organizations will not be able to keep up with ever-evolving threats. Some areas of security operations should be rigid, repeatable, and measured while other areas should be flexible, adaptable, and nimble.


#9 - Inability to prioritize- It is difficult and costly to protect an entire organization.  A successful SOC requires clear priorities determined by a risk-based approach.


#10 - Not learning from others - Informal and formal communities are being developed to help organizations share threat information and indicators of compromise (IOCs). SOCs that are not taking advantage of these communities will miss out on additional risk reduction for their organization.


Download the full report:


HP recommends organizations have a 3rd party security operations assessment performed once a year to benchmark current capabilities, ensure risk reduction is achieved by the organization and to show ROI on security investments.  Click here to learn more .

0 Kudos
About the Author


June 6 - 8, 2017
Las Vegas, Nevada
Discover 2017 Las Vegas
Join us for HPE Discover 2017 in Las Vegas. The event will be held at the Venetian | Palazzo from June 6-8, 2017.
Read more
Each Month in 2017
Software Expert Days - 2017
Join us online to talk directly with our Software experts during online Expert Days. Find information here about past, current, and upcoming Expert Da...
Read more
View all