Discover Performance

HP Software's community for IT leaders // April 2014

Rate your security, but don’t aim too high

A new report offers a new scale for measuring security maturity—and finds that it’s not necessarily best to be the best.

The bottom line

What: A new report finds global IT security lacking, and offers a guide to improvement.
Why: While most SOCs are not yet mature enough, it’s possible to “try too hard” and become rigid.
More: Download HP’s free report, 2014 State of Security Operations.”

With today’s cybercriminals more successful than ever, and the cost to defend against cyber crime growing higher, enterprises are increasingly investing in a formal security operations center (SOC). But a new HP Enterprise Security study finds that while few organizations today have reached optimal maturity, it’s also possible to go too far.
"Our adversaries aren’t following tight controls for attacks and malware, and neither should we," says Jesse Emerson, director of HP security intelligence and operations consulting. "The right place for an enterprise is the level where enough operational components are consistent so you can drive a predictable operation, but not to a point of rigidity where the operation can’t flex and respond to dynamic threats and adversaries."
HP Enterprise Security’s "State of Security Operations" report is drawn from more than 90 assessments of 69 security operations organizations worldwide, performed over five years. It details a number of key learnings (further summarized in a pair of posts on this HP Enterprise Security blog). It also articulates a new scale for measuring security maturity, and warns about the need to balance maturity with flexibility.
Regrettably, an over-mature SOC is a problem that most companies would be lucky to have. Some stats:

  • 24 percent of assessed security operations centers do not meet the minimum requirements to provide consistent security monitoring.
  • Only 30 percent of assessed organizations are meeting business goals and compliance requirements.

"Very few organizations are overachieving in terms of maturity," Emerson says.

A few holes in your SOC

To measure the maturity of an SOC, the report unveils the Security Operations Maturity Model and Methodology (SOMM). Companies with no security operations capability are rated a 0, while a score of 5 is given for a capability that is tightly controlled, continually measured, and ever-evolving.
Level 5, however, is not the goal.

"If you’re trying to maintain a level higher than a level 3, there’s a huge investment and overhead associated with that," Emerson says. By level 5, analyst procedures are often overly detailed, including exhaustive screen shots and flow charts—details that limit the quality and speed of response. "The benefits of your SOC are overshadowed by cost."
Higher levels of maturity can make sense for specific business profiles. Level 4 is optimal for managed security service providers (MSSPs), for whom the benefits of consistency and repeatability can outweigh the cost of decreased responsiveness. And level 5, says Emerson, "is only appropriate when you have zero tolerance for deviations and a fixed scope of defense of a tightly controlled environment."

Best practices for standout SOCs

Companies with optimized SOCs are learning more than just restraint. They are discovering new best practices that leverage the flexibility and dynamism of optimal—not maximal—maturity. These smart tactics tend to align with the four primary criteria of SOC maturity: people, processes, technology, and business alignment. Some highlights include:

  • Relationships and communication matter. Seeking round-the-clock diligence, many security organizations follow the sun with geographically distributed teams—which are significantly less effective than single-location teams. Emerson notes that differences in team culture and geographical culture can lead to different priorities and an unhealthy tension. Sometimes data privacy and data export regulations preclude a single-location SOC, but when possible, a 24x7 team in one location with plenty of shift overlap delivers the best overall result.
  • Adopt a SIEM. Data silos are common in enterprise security. A security information and event management (SIEM) system provides a single pane of glass across a wide spectrum of disparate security data and provides analytical efficiencies that are a necessity with today’s data volume.
  • Learn to prioritize. It’s no longer feasible to approach your security strategy as if you can prevent every exploit and attack. The reality is that you’ll be breached far more often than you’d like. Instead, security needs to engage with the business to prioritize information assets and focus spending to protect high-value targets.

Don’t take the "quick" route to maturity

While the entire point of security maturity is to prevent a breach, the report found that getting breached is the fastest way to bring focus to your security maturity. It’s a unique opportunity to fail forward. Post-breach SOCs are usually built up quickly to limit future impact of a breach and demonstrate due diligence in the wake of a loss.
However, with the State of Security Operations report in hand, and a fresh focus on the maturity of your security strategy, you can make immediate improvements to your security operations center before a successful attack occurs.

Learn more about the state of SOC maturity in organizations worldwide and core best practices in the “2014 State of Security Operations” report.



IT leader assessment

This tool evaluates the correlation between IT attributes and business success and, based on how your answers compare with average scores, will advise you where to invest in IT.

It is based on data HP collected from 650 global companies about a range of IT characteristics (server capacities, approach to information management, security, BYOD, etc.) and how they correlate to revenue gain. This assessment will compare your answers to the average scores in that study.

There are 12 questions that will require an estimated 10 minutes of your time. You'll receive a summary of your rating upon completion.

Let's get started

Please select an answer.


Your answer:
Your score:
Average score:
Revenue leaders' score:


Please select an answer.



Your score:
Average score:
Revenue leaders' score:

Get detailed results:


Popular tags


Discover Performance Weekly

HP Software’s Paul Muller hosts a weekly video digging into the hottest IT issues. Check out the latest episodes.

Enterprise 20/20

Security 20/20

Preparing today for tomorrow’s threats.

Introduction to Enterprise 20/20

What will a successful enterprise look like in the future?

CIO 20/20

Challenges and opportunities for the CIO of the future.

Dev Center 20/20

How will we organize development centers for the apps that will power our enterprises?

Marketing 20/20

Welcome to a new reality of split-second decisions and marketing by the numbers.

IT Operations 20/20

How can you achieve the data center of the future?

Employee 20/20

What the workforce of 2020 can expect from IT, and what IT can expect from the workforce.

Mobility 20/20

Looking toward the era when everyone — and everything — is connected.

Data Center 20/20

The innovation and revenue engine of the enterprise.

Read more

HP Software related

Most read articles

Discover Performance


Tweets @ HPSecurity