More than 93 per cent of organisations employ AI and ML technologies with the leading goal of improving advanced threat detection capabilities, according to a survey by CyberEdge Group and Micro Focus.
Furthermore, over 89 per cent of respondents expect to use or acquire a security orchestration and automated response (SOAR) tool within the next 12 months. These findings indicate that as SOCs continue to mature, they will deploy next-gen tools and capabilities at an unprecedented rate to address gaps in security.
The data is contained in the 2020 State of Security Operations report, which reveals that security operations centres (SOCs) across the globe are most concerned with advanced threat detection and are increasingly looking to artificial intelligence (AI) and machine learning (ML) technologies to proactively safeguard the enterprise.
“The odds are stacked against today’s SOCs: more data, more sophisticated attacks, and larger surface areas to monitor. However, when properly implemented, AI technologies, such as unsupervised machine learning, are helping to fuel next-generation security operations, as evidenced by this year’s report,” said Stephan Jou, CTO Interset, Micro Focus.
“We’re observing more and more enterprises discovering that AI and ML can be remarkably effective and augment advanced threat detection and response capabilities, thereby accelerating the ability of SecOps teams to better protect the enterprise.”
“While Australia and New Zealand (ANZ) wasn’t specifically called out in this study, many of the survey results closely resonate with the experience and concerns of ANZ SOC teams in their daily operations,” said George Atrash, head of enterprise security – Australia and New Zealand, Micro Focus.
“One of the main challenges for organisations in ANZ has been COVID-19. With the pandemic and the related work from home policies, SOC teams in ANZ experienced a significant increase in security incidents related to unmanaged devices and the deriving threats.”
Atrash said Micro Focus has seen increasing interest in the MITRE ATT&CK framework, which gives security professionals a better understanding of attack techniques and provides a consolidated knowledge base for advanced threat detection and protection.
“Furthermore, the proliferation of security tools undoubtedly provides more data, however, operators need to reduce the threat detection time. Hence the interest in ML and AI-based security operation solutions, which help SOC teams improve their detection capabilities.”
As the volume of threats rises, the report finds that 90 per cent of organisations are relying on the MITRE ATT&CK framework as a must-use tool for understanding attack techniques, and that the most common reason for relying on the knowledge base of adversary tactics is detecting advanced threats.
Further, the scale of technology needed to secure today’s digital assets means SOC teams are relying more heavily on tools to do their jobs effectively. With so many responsibilities, the report found that SecOps teams are using numerous tools to help secure critical information: organisations widely use 11 common types of security operations tools, and each type is expected to exceed 80 per cent adoption in 2021.
Key findings include:
- COVID-19: During the pandemic, security operations teams have faced many challenges. The biggest has been the increased volume of cyberthreats and security incidents (45 per cent globally), followed by higher risks due to workforce usage of unmanaged devices (40 per cent globally).
- Most severe SOC challenges: Approximately 1 in 3 respondents cite the two most severe challenges for the SOC team as prioritising security incidents and monitoring security across a growing attack surface.
- Cloud journeys: More than 96 per cent of organisations use the cloud for IT security operations, and on average nearly two-thirds of their IT security operations software and services are already deployed in the cloud.
“As many ANZ organisations start to use the cloud for the majority of their IT security operations software and resources, it will become easier for SOC teams to access security operations functions from literally anywhere in the future,” Atrash said.