Study of Cybersecurity Ops Pros Reveals Heavy Workload, Lack of Maturity in 4 out of 5 Businesses
Siemplify and Cyentia Institute highlight the biggest SecOps burdens and challenges hindering progress for enterprises and MSSPs, including lack of automation and orchestration
Based on a survey of more than 250 security operations practitioners working at enterprises and managed security service providers (MSSPs), who were asked to assess a litany of subjects related to their responsibilities, impediments and needs, the report presents a comprehensive portrait of the nexus of cybersecurity infrastructure – the operations – and the personnel responsible for ensuring their efficiency and effectiveness.
Arguably most notable is that the study includes perspective on where respondents see their SecOps programs – and the individual functions that constitute them – stacking up in terms of maturity, as well as what defines success and how to forge a path forward.
"The results of this report present the story of security operations and how it is still a long way from being fully written," said Wade Baker, founder of Cyentia Research, commissioned to conduct the study. "A number of factors – some more obvious than others – are influencing the success of SecOps programs and the practitioners who work within them, and we sought to quantify those and help shed some light on where they see things now and where they may go from here."
Of the respondents surveyed, only 20% indicated that their SecOps programs have reached the highest maturity level. The majority reported that they are just starting their maturity journey or only midway through it. Of verticals, MSSPs expectedly ranked highest in terms of SecOps maturity, while not-so-predictably the traditionally regulated industries of healthcare and finance rated near the bottom.
Other key security operations trends revealed in the report include:
Not all SecOps programs are created equal: For example, over half of financial firms report having 10 or more SecOps staff, but only 14% in the health care sector have that level of resources.
Tiered structure tapering: A little over half of respondents work in traditional 'tiered' security operations centers (SOCs), which are comprised of different analyst levels. The rest form teams of mixed roles and experience.
Structure influences strategy: Programs with a 'tiered' structure stress optimizing and managing tools. Those organized by 'teams' emphasize improving people and processes.
Teams are busy and broadly tasked: The average SecOps staff member handles 3.5 major functions, with some taking on as many as 12. Counterintuitively, those in larger firms wear more hats than their SMB counterparts.
Coding matters: 25% of staff in lower-maturity SecOps programs possess coding or scripting skills compared to 40% in higher-maturity programs.
Functions not evenly distributed:
Challenges span people, processes and technology: The most common SecOps challenge experienced by respondents was lack of trained staff. Poor correlation and orchestration among processes and technologies was a close second.
Overall, the responses yielded one clear message: SecOps maturity is about robust, documented, repeatable processes that tie technology, teams and their respective functions together to drive success.
"We already know that an overload of security alerts, reliance on manual processes and – of course – the global skills epidemic are all combining to cause chaos within IT and security departments,"
The complete report is now available for download (https://www.siemplify.co/