SOCs shift to threat detection and response: Gartner

Security operations centers are shifting focus in response to today’s numerous and complex threat alerts.
Written by Charlie Osborne, Contributing Writer

Modern Security Operations Centres (SOCs) are beginning to focus on threat detection and security alert management in response to today's threats.

SOCs are teams of cybersecurity professionals whose task it is to monitor networks for cyberattacks and suspicious behavior, as well as improve internal security controls and procedures.

These groups can be critical to maintaining adequate security hygiene and the threat data they collect may be shared with wider agencies to improve the cyberdefense industry at large.

On Tuesday, Gartner said that SOCs are now, in ever-increasing numbers, shifting investment, resources, and time from threat prevention to threat detection and proactive response.

The research agency predicts that by 2022, 50 percent of all SOCs will encompass incident response, threat intelligence, and threat-finding capabilities, up from an estimated 10 percent in 2015.

"The need for SRM leaders to build or outsource a SOC that integrates threat intelligence, consolidates security alerts and automates response cannot be overstated," said Peter Firstbrook, research vice president at Gartner.


The predictions were made as part of Gartner's 2019 emerging security and risk management trends report, which also suggests that passwordless authentication is another strategy shift in the cybersecurity arena.

This kind of technology is being deployed more frequently by the enterprise, and consumers, too, are being introduced to passwordless authentication. Biometric services such as Touch ID are already in common use, and Google recently inked a deal with the FIDO Alliance to bring app-based passwordless authentication to Android devices.

"In an effort to combat hackers who target passwords to access cloud-based applications, passwordless methods that associate users to their devices offer increased security and usability, which is a rare win/win for security," Firstbrook commented.

Gartner also believes that we will see an increased rate of cloud security failures over 2019 to 2023 that are the fault of customers rather than vendors. Gartner attributes these issues to security teams being stretched thin and a lack of skilled help being available to ensure secure transitions to the cloud.


As there is a shortage of cybersecurity professionals, more vendors will in future offer clients blended services that also take advantage of AI, machine learning, and automation. By the end of 2020, the number of unfilled cybersecurity roles is expected to grow to 1.5 million, from an estimated 1 million in 2018.

With the arrival of data protection regulations such as the General Data Protection Regulation (GDPR), the enterprise is being made aware of its responsibility to store only the information that is necessary, and to store it securely. To do so, companies are now examining their own systems and how their data is managed.


Gartner believes that this will prompt data security investments to be more commonly made through data security governance frameworks (DSGFs) over the course of 2019.

"DSGF provides a data-centric blueprint that identifies and classifies data assets and defines data security policies," says Firstbrook. "This then is used to select technologies to minimize risk. The key to addressing data security is to start from the business risk it addresses, rather than from acquiring technology first, as too many companies do."
