GUEST POST
Hackers need to find one weak point to steal valuable information, while you must account for every possible vulnerability across your entire infrastructure. We must band together, think like a bad guy and take action to protect what matters.
Recent high visibility hacks, such as those at Target and Neiman Marcus, are powerful reminders that we need to outpace our adversaries and prepare for what might come. However, fighting crime is a losing battle if the adversary is two steps ahead of the law. How can we protect ourselves against faceless criminals motivated by large financial rewards?
Enter the Security Operations Center (SOC), a central control room detecting and responding to security breaches around the clock. A critical component of any security strategy, it's only as good as the people, processes, and technologies within it. This includes incorporating traditional IT operations, taking a converged approach to security that brings together existing IT monitoring practices with security operations, and providing a holistic view of risk across the enterprise.
A recent Ponemon Institute study revealed that companies investing in a comprehensive SOC achieved 20 percent better ROI on security spend and saved on average $4 million more than SOC-less peers.
Many organizations feel putting the basics in place is sufficient, but going through – or seeing peers go through – a high-profile, public breach involving negative publicity and lost revenue demonstrates the importance of a highly capable SOC. Industries with mature defense capabilities, such as large retailers and financial institutions, are not immune. They can be even bigger targets due to their volumes of valuable customer data.
In a recent five-year study on the state of nearly 70 global SOCs across private and public sector organizations, HP found 3 out of 4 organizations were unable to achieve basic consistency of operations, and only 30 percent of organizations that formally defined business goals and compliance requirements were able to meet them.
According to the study, having the right people in place can have the most profound impact on the overall capability of a SOC, but that's often overshadowed by an over-reliance on technology. Organizations invest more money in technology rather than staffing trained analysts to run these centers. Systems cannot apply non-linear thinking to an incomplete picture to develop a reasonable hypothesis. Human analytical capacity is still the most effective weapon in a company's security arsenal.
With a high demand for relevant security skills and a steady increase in compensation for experienced individuals, entities must invest in skills development and talent retention to sustain security operations. HP studied the effectiveness of a Fortune 100 company's SOC, finding the company's steady progression in the development of key SOC staff resulted in consistent processes and the right mix of expertise needed to operate effective security operations. Breaches and research continue to spotlight the lack of qualified security professionals in the information security industry.
Recent Ponemon Institute research highlighted that 40 percent of all security positions are unfulfilled today. Universities cannot rapidly produce graduates, and they struggle to provide sufficient real-world experience while security threats surge and organizations strive to strengthen their internal security defense teams. SOCs must prepare for this and develop hiring pipelines through relationships with local universities, ancillary teams across the company, and industry groups. Recognizing the market competitiveness of security skills and investing in talent will prevent attrition threatening security sustainability.
Cyber criminals will never stop learning and sharing information enabling them to attack high-profile targets and intellectual property. Hackers only have to get it right once. It's time for organizations do the same, investing in comprehensive SOCs by converging technology, processes, and people to protect what matters.
Chris Triolo, vice president of Professional Services, Education and Support, HP Enterprise Security Products. HP recently published a report on capabilities and maturity of cyber defense organizations, available at www.hp.com/go/StateOfSecOps.
