Enterprises are increasingly relying on security operations centers (SOCs) to combat the growing number of threats they face every day. Nearly nine out of 10 enterprises queried in McAfee Labs’ Quarterly Security Threat report said that they have either an internal or external SOC to fight security threats.
This is quite a change from a few years ago when dedicated SOCs were declining or being outsourced. According to McAfee’s security study released earlier this week, 66 percent of organizations surveyed have a formal threat-hunting operation while about 93 percent say they are unable to fight all relevant security threats.
McAfee’s report says that almost all commercial and enterprise organizations now have some type of SOC and have had one for more than a year. Many survey respondents say they plan to increase their investment in SOCs because the SOC has improved their organization’s ability to detect and fight threats.
About 60 percent of SOCs are managed internally while about 23 percent have a mix of internal and external support. Only about 17 percent have SOCs that are outsourced.
Some companies use virtual SOCs, which have no dedicated facility and are staffed primarily by part-time employees. Most virtual SOCs primarily react to critical alerts or incidents. Multifunctional SOCs usually have a dedicated operations center that is operated during standard business operations and have a combination of dedicated and semi-dedicated staffers. Dedicated SOCs, meanwhile, have a dedicated operations team, but those team members typically do more than just security tasks and also provide critical IT operations.
Attacks on the Upswing
Whether an enterprise has a dedicated SOC or not, most companies queried by McAfee report that security attacks are on the increase. About 67 percent said security incidents are happening more frequently than last year, and 16 percent said security incidents have increased a lot.
Of those surveyed who said that security breaches had increased, the majority felt that it was because of better detection (73 percent) and more attacks (57 percent).