

2013 SOC Security Management Platform Application Research Report

Posted by verstraete at 2020-04-13

Author: Ou Xuee | Editor: Dong Chewei | October 17, 2013 00:00

Original comments on IT168 website

[IT168 Research Report] As enterprise IT construction has deepened, security problems have become a stumbling block to normal business operation. Enterprises that recognized these problems began to deploy many independent software and hardware products to address different security problems: the "old three" security devices (anti-virus, firewall, intrusion detection), and later web security gateways, DLP and similar products that address application-layer security. Deploying these devices independently did help enterprises solve some of the security problems they faced at the time. In today's big-data era, however, such isolated devices leave enterprises unable to perform centralized analysis of massive data or to perceive and prevent security threats as a whole. Traditional information security systems can therefore no longer cope with the network security threats of the new environment.

Today's enterprises need the ability to analyze security issues and manage the whole network and its systems from a global perspective, under one unified management platform. Since 2000, many domestic and foreign security vendors have been promoting SOC (Security Operations Center, or security management platform) products, so what is the current state of SOC adoption in enterprises? To better understand this, IT168 conducted an online survey on the application of SOC security management platforms in 2013. Nearly 400 responses were collected; we selected 300 valid and complete responses for analysis and share the results here for reference.

Main conclusions:

With the arrival of the era of massive data and the impact of APT attacks, SOC has gradually become the main direction of enterprise security investment for the next stage, and small and medium-sized enterprise users have begun to accept SOC more widely;

In most enterprises, security is still handled at the grassroots level. Our position-distribution survey shows that in more than half of the enterprises the person responsible for security is a security administrator, and only 19% reach the level of CSO;

The shortage of professional security management talent is related both to the level of investment in IT security and to the scarcity of high-quality security management personnel; this may become a career direction for more IT professionals in the future;

SOC is not a passive security protection device; it is hard to realize its real value without active use, operation and maintenance by professional management personnel, and its later management and maintenance require continuous investment by the enterprise;

Click to enter the main content of the report: http://safe.it168.com/a2013/1016/1545/00000145557_1.shtml

Chapter 1: Research background

Section 1: Industry distribution

The IT personnel who took part in the survey come from all walks of life. The telecom industry has developed particularly strongly in recent years, so the largest group of respondents, 18%, came from the telecom / communication industry. Respondents from Internet / information technology, education / research and manufacturing / processing were roughly equal in number, each accounting for about 12%. Government departments, medicine and health, and trade and circulation each accounted for almost 6%. Surprisingly, the financial and insurance industry accounted for only 5%, and the energy and chemical industry only 4%.

The industry distribution of IT personnel also reflects, indirectly, the degree of development of each industry. Clearly the telecom / communication industry has strong momentum, while the Internet, education, scientific research and manufacturing industries are moving forward steadily.

Section 2: Enterprise network scale

According to the survey results, most of the participating companies were small and medium-sized enterprises by network scale: 73% have fewer than 100 PCs, and 14% have 100-499 PCs. Only a small number are large or medium-sized enterprises: 7% have 500-999 PCs, and only 6% have more than 1000. The results of this survey are therefore more representative of small and medium-sized enterprises.

Section 3: Distribution of personnel positions

In this survey, the distribution of respondents' positions matches the "pyramid" structure of an enterprise. Security administrators form the largest group, at 54%, which shows that more people are attending to the duties of their own post, and that security administrators pay the most attention to SOC. Next come IT administrators and operation and maintenance personnel, at 11% and 10% respectively, since neither IT management nor operation and maintenance can be separated from security management; IT managers account for 5%, and senior positions such as CEO and CIO for 2%. Regrettably, the CSO position still has no clear positioning in enterprise IT construction, and there is no dedicated department for it.

Chapter 2: Current security investment and challenges faced by enterprises

Section 1: Enterprise investment in network security

As security threats keep evolving, people's understanding of security is no longer limited to the "old three": anti-virus, firewall and intrusion detection. This survey shows that only anti-virus is still valued by enterprise users; attention to the other two, firewall and intrusion detection, and even to UTM, has declined. We are pleased to see that while traditional protection means fade from view, application-layer protection (web security gateways, next-generation firewalls) and the main subject of our research, SOC, have attracted more attention.

In this survey, enterprise investment in anti-virus is as high as 83%. In recent years, hacker attacks and other malicious network behaviour have exploited the vulnerabilities of web services, so the web security gateway is also favoured by enterprises: the survey shows enterprise investment in web security gateways at 75%. In today's mobile Internet era, all kinds of mobile terminal devices also face security challenges, and investment there is only 8% lower than that in web security gateways. The next-generation firewall has also been a hot topic in recent years, with 58% of enterprises investing in it. The traditional hardware firewall lags somewhat, at only 33%.

It is gratifying that enterprise users attach great importance to the SOC management platform, and more than half of users have begun to invest in SOC. Meanwhile, enterprise users' attention to UTM and IDS / IPS has declined significantly, which also shows that enterprise investment in this area has matured. Finally, demand for encryption / log audit is narrow, as not every enterprise needs it, so only 15% of enterprise users chose this option.

Section 2: Challenges and demands of enterprise network security management

With network threats as prevalent as they are today, network security management is a continuous challenge for every enterprise. Security is dynamic: attackers and defenders compete constantly, and both sides' technologies keep developing. The survey found that enterprise network security management still has many needs and challenges.

The biggest challenge is achieving visibility of security devices (75%). In today's cloud era, enterprises not only face the threats of the traditional environment but also new threats in virtual environments, because virtualization technology is used so widely in cloud computing. Access between virtual machines is no longer protected by hardware isolation, and traffic inside virtual switches is no longer visible to, or controllable by, traditional devices. To eliminate these hidden dangers, security must be made "visible". It is gratifying that security devices offering such visibility have appeared on the market.

In addition, most enterprises still lack professional security management talent (72%). Network security management personnel need not only broader IT knowledge and theoretical grounding but also stronger practical skills. This combination of demands may be what makes it difficult for enterprises to recruit professional security management talent.

As noted earlier, most security products are deployed relatively independently, which prevents enterprises from forming unified management; this demand also accounts for a high proportion, 71%. From this point of view, the future market for SOC is particularly clear. Another relatively high demand is that enterprises cannot effectively respond to APT (advanced persistent threat) attacks (64%), whose methods are more advanced than other common forms of network attack. Although there are many ways to defend against and monitor APT attacks in real time, such as static detection, dynamic monitoring and attack-chain tracking, all of them require a clear understanding of the whole information security environment, so this remains a security problem for enterprises.

Other challenges and demands include the inability to handle massive volumes of security events (20%), the lack of security management and operation and maintenance mechanisms and the supporting processes (18%), and the need to meet classified protection and PCI-DSS compliance requirements (17%).

Chapter 3: Deployment of enterprise SOC

Section 1: Enterprise SOC deployment

SOC emphasizes the unified management, auditing and operation of each separate security system so that they form one complete security system, enabling efficient and comprehensive network security protection, detection and response; this has made SOC a new focus of network security construction and a good choice for enterprises. The survey found that 61% of enterprises have deployed a SOC, 10% are considering deploying one, and only 29% have not.

Section 2: Problems that SOC can solve

SOC is a foreign concept. When it was introduced in China, most users had only a vague understanding of it, and the functions and features of SOC here differ from those abroad. To gauge how SOC is understood, this survey therefore also asked about its functional modules. Between 77% and 82% of enterprise users recognized SOC for unified security device policy management, emergency response handling, integration of network management functions with unified security event management, and assisting operation and maintenance personnel with risk analysis and network early warning. A minority (17%) found SOC effective for event correlation analysis, and another 10% believed SOC could support senior decision-making.

Section 3: Considerations for SOC deployment

SOC is not purely a product but a complex system: it comprises not only products but also services, operation and maintenance, and the organizations, personnel and processes around them. SOC deployment is therefore not simple. What issues should an enterprise consider when deploying a SOC?

Most enterprises give priority to the stability and reliability of the product (83%). Next is whether the SOC can solve the key IT problems the enterprise faces and meet the needs of its IT personnel, and then 64% of enterprise users consider the brand, reputation and overall strength of the product and service provider. This also shows that people are the most critical factor throughout the SOC life cycle. Issues such as cost and whether resident engineers are provided are less important than those above, but cannot be ignored.

Chapter 4: Selection of enterprise SOC

Section 1: Brand selection

In recent years the SOC market has developed rapidly and the range of products has grown, which makes selecting a SOC difficult. How do enterprise users choose between domestic and foreign SOC vendors and brands?

According to the survey results, nearly 68% of enterprise users have no preference between domestic and foreign brands, while 17% of the users with a clear preference support domestic brands. This shows that although SOC originated abroad, that does not hinder its development in China, and SOC in China has its own distinct characteristics.

How should a SOC product be chosen? Opinions differ, but one benchmark is indispensable: fit with the enterprise itself. Each enterprise differs in scale and industry, and all of these factors should be taken into account when choosing.

Section 2: Evaluation of SOC development status

A product is not created overnight; it is developed and improved continuously, and security products in particular need sustained practice to mature. Regarding the development of SOC, most enterprise users think SOC is maturing and have high expectations of it. Only 7% are very satisfied with the current state of SOC development and think SOC in China has already matured, and the remaining 5% think current SOC products are very immature and far from the ideal. So although the momentum behind SOC is strong, it still needs further development and improvement before it becomes the product every enterprise user wants.

Section 3: Enterprise requirements for SOC

On the development trend of the SOC market, some experts predicted that it would split into a small and medium-sized enterprise segment and a large enterprise segment. As security awareness grows, small and medium-sized enterprises will also become active users of SOC products, and as noted earlier, they made up most of the respondents to this survey. When asked about their demand for SOC, 61% of enterprises plan to deploy a SOC security management platform within half a year, and 29% say they will have demand for SOC in the future. From this point of view the experts' prediction is now coming true, which also shows the importance of SOC.

Section 4: Problems in using SOC

We surveyed enterprise users who have used a SOC to identify the problems they currently face. Nearly 90% of enterprise users lack professional security analysts and cannot really find and troubleshoot security problems, and 83% of enterprises lack security operation and maintenance engineers. These two problems echo the shortage of professional security management talent mentioned above, and show once again that the demand for network security management talent is a bottleneck. In addition, the complexity of system maintenance is a difficulty for most enterprises (82%), which also points the way for the future development and improvement of SOC. A small number of enterprises (18%) find the SOC deployment process too complex and requiring cross-department coordination, making it hard to bring IT assets under the platform's jurisdiction in SOC security management. These are the issues SOC engineers need to pay attention to at present.

Section 5: Significance of SOC

SOC has won a place in the security market because of its own advantages. What are they? According to the data, 88% of enterprises think SOC achieves the goal of eliminating security "islands" and realizing integrated security management; another 85% also agree with the other two advantages of SOC: correlated event analysis, which can uncover more potential security risks, and a reduction in operation and maintenance personnel, which saves IT costs.