Only 16% of security operations professionals think that their SecOps programs have reached the highest maturity level, according to a Siemplify and Cyentia Institute study.
The majority of the 250 security operations practitioners surveyed reported that they are just starting their maturity journey or only midway through it. Among verticals, MSSPs ranked highest in SecOps maturity, as expected, while the traditionally regulated industries of healthcare and finance, less predictably, rated near the bottom.
Key security operations trends
Not all SecOps programs are created equal: For example, over half of financial firms report having 10 or more SecOps staff, but only 14% in the health care sector have that level of resources.
Tiered structure tapering: A little over half of respondents work in traditional ‘tiered’ security operations centers (SOCs), which are composed of different analyst levels. The rest form teams of mixed roles and experience.
Structure influences strategy: Programs with a ‘tiered’ structure stress optimizing and managing tools. Those organized by ‘teams’ emphasize improving people and processes.
Teams are busy and broadly tasked: The average SecOps staff member handles 3.5 major functions, with some taking on as many as 12. Counterintuitively, those in larger firms wear more hats than their SMB counterparts.
Coding matters: 25% of staff in lower-maturity SecOps programs possess coding or scripting skills compared to 40% in higher-maturity programs.
Functions not evenly distributed: SecOps use cases like event monitoring, vulnerability management and incident response are experiencing the widest adoption among functions. Meanwhile, specializations such as threat hunting are four times less common in SMBs.
Challenges span people, processes and technology: The most common SecOps challenge experienced by respondents was lack of trained staff. Poor correlation and orchestration among processes and technologies was a close second.
SecOps maturity level
Overall, the responses yielded one clear message: SecOps maturity is about robust, documented, repeatable processes that tie technology, teams and their respective functions together to drive success.
“We already know that an overload of security alerts, reliance on manual processes and – of course – the global skills epidemic are all combining to cause chaos within IT and security departments,” said Nimmy Reichenberg, chief marketing officer at Siemplify.
“But this report goes deeper and gets more personal to help us understand what security operations professionals are feeling, how their programs are being challenged and what the future holds.”