SOC Maturity By The Numbers
Most large organizations today have security operations centers in play, but only 15% rate theirs as mature.
January 25, 2017
For many enterprises, the security operations center (SOC) is the spear tip of their cybersecurity programs.
Organizations depend on the ability of SOC analysts and incident responders to quickly spot indicators of attacks, investigate, uncover root causes, and mitigate problems in a timely fashion.
Dark Reading looks at some recent statistics to examine how well-prepared the average SOC is in meeting today's security challenges.
According to a recent study by Intel Security, nine out of 10 organizations today depend on SOCs already, though smaller organizations tend to have less SOC experience under their belts. Intel reports that about 60% of SOCs are internal, 23% are a mix of internal and external functions, and 27% are fully external.
That high rate of SOCs reported by Intel likely has to do with the fact that what some report as a SOC, others may call a network operations center (NOC). The study showed that 56% report using a multi-function model, running a dual SOC/NOC.
A study by the SANS Institute last year showed that even with a SOC in place, organizations struggle to get the most out of it. Close to half of organizations rate their SOC maturity as unknown or immature. Only about 15% would rate theirs as mature.
A recent report by Hewlett Packard Enterprise strove to put a finer point on maturity metrics through a study of close to 140 SOCs worldwide. The examination uses a Security Operations Maturity Model (SOMM), developed by the firm and based on a number of measurables. According to HPE, more than one in four organizations with SOCs fail to meet even the minimum standards for SOC maturity.
HPE has been tracking SOMM scores for five years running. This year, the firm took a look at some data across all its surveys to show that of all of the elements it uses to index SOC maturity--people, process, business and technology--people and process lag behind.
Many SOCs are feeling the effect of an overall cybersecurity skills shortage. According to a joint ESG-ISSA survey, nearly half of organizations claim there's a shortage of skilled security workers available, and almost 70% say they're affected as a result. The survey reports the top skill lacking is security analysis and investigation.
Even when organizations do get the people they need to fill the SOC ranks, those analysts get mired in scut work. According to a recent Cisco study, almost 40% of analysts' time is spent doing non-security-related work.