This post analyses the findings of an assessment of Maturity Model levels of practice in enterprise Security Operations Centres, or SOCs. For those who are uninitiated, SOCs are a relatively new organisational construct within IT and are responsible for assuring that there is ongoing monitoring and analysis of an organisation's IT operations, so that vulnerabilities are detected, intrusions are caught and problems are rectified, although there does seem to be a great deal of diversity in people's interpretation of the exact scope of this remit.
Maturity Models (see CMMI) typically categorise maturity in 5 levels which address process and practice standardisation as well as feedback loop control via metrics and optimisation: 1 is ad hoc, 2 is repeatable, 3 is uniformly standardised and so on. So most organisations will aspire to level 5 as an acceptable level of conformity, though the actual scope of coverage is important too.
Many enterprises have adopted SOCs to help deal with the ongoing climate of cyber threats arising from things such as simple viruses, spear phishing, ransomware and Denial of Service attacks.
The report is quite sobering. Close to a quarter of the assessed organisations failed to achieve a score of even 1, only a fifth appear to be making headway, and the overall average score is less than 2.
The report finds that much SOC effort is wasted dealing with false positives arising from little standardisation and poor configuration of equipment. This underlines the operational hygiene issues of having accurate CMS data and consistency in build and installation. Knowing what you have, and standardising as much as is practicable, does not just make it easier to operate an IT estate, but also to protect it by detecting anomalies and other problems. These are practices which not just ITIL but DevOps considers essential to robust operations and change management.
The report also shows problems with working out the right blend of insourcing and outsourcing as well as skills retention.
Overall there are signs within the report of slow but gradual maturing of approaches as well as better pooling of knowledge within organisations. But it is understandable, given the scale of issues that people face, that Splunk for instance promotes the adoption of a Lean SOC approach and gradual incremental implementation of SOC capabilities to address business priorities, one at a time.