Why SecOps is Needed Now More Than Ever: Three Necessary Steps
Written by
eWEEK EDITORS
Oct 28, 2021
4 minute read

It seems everything around us is getting smarter: smartphones, smart cars, smart thermostats, smart refrigerators, smart TVs, smart lights, smart homes, etc. – everywhere we go we find ourselves interacting with technology.

In fact, according to Digital 2021: Global Overview Report from Datareportal.com, adults now spend almost seven hours a day interacting with all of their connected devices.

Just as technology is becoming a larger part of our daily lives, businesses also increasingly rely on technology to improve communication, enhance decision making, manage customer relationships, drive go-to-market solutions, and more. Just look at how business leaders are investing: worldwide IT spending is expected to increase to $4.2 trillion in 2021, according to Gartner.

Technology has had a massive, transformative impact on business, but the introduction of modern capabilities and new technologies expands the threat surface significantly. According to the FBI’s 2020 Internet Crime Report, the Internet Crime Complaint Center received a record 791,790 cybercrime complaints in 2020. Security breaches are not only common, but they are also costly – with the average data breach in 2020 costing businesses $3.86 million according to a new report from IBM and the Ponemon Institute.

Business leaders are taking note. Spending on information security and risk management technology and services is expected to grow 12.4%, reaching $150.4 billion in 2021 according to Gartner. The increased focus on security is good but the approach needs to mature as well if we want to get the most out of our investments. Traditionally, new threat vectors (from introducing new technologies) are addressed by purchasing and implementing new point solutions which can lead to significant security technology sprawl.

In no time at all, the security toolchain is a large stack of firewalls, endpoint detection and response solutions (EDR), Data Loss Prevention solutions (DLP), Network Access Control (NAC), and more. And that stack becomes more bloated as the security landscape becomes increasingly complex. It is common for midsize and large organizations to have 15 to 40 different point solutions in their core security stack, and up to 80 when you evaluate their complete technology portfolio.

Tool First vs. Process and People

There’s a certain logic to the approach noted above: Identify a security gap, deploy a technology solution to mitigate it. Repeat.

However, this “tool-first” approach to security is often at the expense of the two other pillars of a mature security program: processes and people. This approach can cause significant problems over time, creating technology silos between teams, adding exponential complexity to response teams, and reducing program transparency due to a lack of central reporting.

Security analysts, often from the Security Operations Center (SOC), are commonly assigned to triage the various alerts and other information these tools generate. Tool sprawl forces them to take a “swivel-chair” approach to processing new issues as they come into the SOC. The SOC analyst might have to log into as many as 10 different systems just to determine whether an event is real (and requires further action to mitigate) or a false-positive.

This slows down the analysis and exacerbates actual security threats by delaying remediation. The SOC team often lacks the 360-degree visibility it needs to evaluate, contextualize, and respond to security data in a centralized location – a problem that worsens as the complexity of your technology stack and the corresponding threat landscape continue to grow.

These organizations must modernize their approach so that they can achieve the benefits of emerging technologies without introducing unnecessary risks.

How to Modernize Your Security Operations

Following are three steps to help IT leaders modernize their Security Operations program:

1. Invest as much in processes as you do technology

The more technology we have, the more we depend on ways to aggregate the data and make it intelligible and actionable. A Security Information and Event Management (SIEM) solution is critical for aggregating all the data from disparate sources into a common system of record, where we can leverage workflows to remediate the threat.

2. Build a control tower

Aggregation alone is not enough; build a program that can filter through the thousands of alerts and find the threats that matter. It is critical to build a security “Control Tower” that gives equal consideration to the processes and the technology, consolidating events from your SIEM into a single system of action that enables people to identify, triage, and address security threats quickly and efficiently.


3. Empower people by staying focused on the end-goal

The ultimate objective of a security program is to prevent as many threats as possible while also enabling your security teams to take quick and correct action when threats arise. The goal, then, should be to enable and empower people with efficient technology that aggregates and enriches data, supported by well-defined processes that provide guidance and remove confusion.

About the author:

Josh Tessaro is Practice Manager, Security & Risk, at Thirdera.
