As the threat landscape continues to evolve, cybersecurity efforts must follow suit, and organizations must mature their security operations (SecOps) capabilities to stop threats before damage occurs or to minimize their impact. But what is the current average security operations maturity index across organizations?
Whether the security operations team is in-house or outsourced, maturing security operations capabilities will help companies achieve a faster mean time to detect (MTTD) and respond (MTTR) to threats.
Gartner Peer Insights and WatchGuard surveyed 100 information security leaders at organizations with security operations processes in place to understand the varying maturity levels of different organizations' security operations capabilities.
Security Operations Maturity Index
As a result of this survey, we discovered that:
Data collection: June 8 - July 29, 2022, Respondents: 100 Information Security directors and managers
Organizations still need to work on reducing their attack surface
Hackers need to find only a single vulnerable device, an unprotected endpoint, to slip into the network and trigger a security incident.
There is an opportunity to improve the cybersecurity program of most organizations by implementing endpoint monitoring and proactive detection and response practices on all user devices and servers, as only 12% of organizations do so systematically.
Organizations don’t have skilled resources for building an in-house SOC
Organizations don’t have enough skilled resources to monitor and proactively detect and respond to adversaries. 15% of organizations don’t even look at security control alerts, and 49% do so only during business hours. These organizations may need to mature their security operations with the help of a partner with skilled people and 24x7 prevention, detection, and response processes.
Only 27% of organizations have the resources, processes, and technology needed to provide an in-house 24x7 security operations function. 9% have already realized they need to delegate to an external SOC due to insufficient in-house expertise.
A mature security strategy drives a SOC deployment
A security operations center acts as a hub, ensuring that an organization's security strategy is designed, coordinated, implemented, and operated efficiently. 94% of technology leaders surveyed by Gartner Peer Insights agree with this statement.
You can download the full Security Operations Maturity Survey here. If you want to learn more about the Security Operations Maturity model, download this eBook: The Security Operations Maturity Model, and explore what a modern SOC and MDR Service are and why they are so important in cybersecurity in this eBook: Modern SOCs and MDR Services: What They Are and Why They Matter. And don't miss our series of articles:
- Modern SOC and MDR Services Series: What They Are, Why They Matter
- Modern SOC and MDR services series II: 6 Benefits and Why They Matter
- Modern SOC and MDR Series III: The Different Roles within a Modern SOC
- Modern SOC and MDR Series IV: Deployment models
- Modern SOC and MDR Series V: Key functions in a Modern SOC
- Security Operations Maturity Model I: Measuring SOC performance