Becoming a Mature SOC: Why aren’t we flattening the curve? (Part 1)

Becoming a Mature SOC: Why aren’t we flattening the curve? (Part 1)

Data Hygiene
Future SIEM
If there is one thing everybody can agree on, it’s that cybersecurity breaches have risen significantly over the last 15 years, and so has the monetary and reputational impacts that follow as a result.  One interesting trend that we have noticed over this time period is that there are 5 major factors that continue to increase at rapid paces:
  1. Number of security breaches being reported are on the rise each year, including dwell time to respond
  2. Enterprise financial and reputational impacts of breaches continue to rise
  3. Cybersecurity technology market has grown 35X in the last 15 years
  4. Enterprise spending in the security market continues to rise, currently exceeding $115 billion
  5. The volume of data created within organizations has increased by 700% over the last 10 years
What is interesting to note here is that it doesn’t appear that the security market has been able to properly “flatten the curve” on improving the enterprises’ ability to adequately prevent, detect and respond to cyber threats.  Now, there can be many reasons behind why this is, but it is important to note that regardless of the reasons why, we know companies are spending billions of dollars on security and we are still seeing record increases in breaches being reported. Are enterprises receiving a return on their security investments, or are they experiencing a false sense of security?  Why haven’t we flattened the curve?
Before we get into the reasons why, let’s just look at some of the industry numbers that justify the basis for these thoughts. Breaches Reported:
  • According to Verizon’s 2020 Breach report, they investigated 3,950 confirmed breaches across multiple industries, up 87% from their 2019 report of 2,103.
  • According to Tech Republic, data breaches increased by 54% in 2019.
  • According to IBM, breaches caused by malicious or criminal attacks are a growing threat and has increased by 21% over the past six years.

Enterprise Impacts:

  • According to IBM research, the cost of a data breach has risen 12% over the last 5 years, averaging close to $4 million dollars per breach
  • According to IBM, the amount of time it took for organizations to detect a security breach (dwell time) was 279 days in 2019, up 5% from 266 days in 2018.

Enterprise Spending:

  • According to Gartner, worldwide spending on information security products and services exceeded $114 billion in 2018, increasing 12% from the previous year.  They forecast the market to grow to $170 billion by 2022.

Cybersecurity Market:

  • According to, the cybersecurity market has grown 35X over the last 13 years, and they anticipate a 12-15 percent year-over-year cybersecurity market growth through 2021.

Data Volumes:

  • According to, the volume of data/information created worldwide from 2010 to 2020 has increased by 700%.
Let’s Flatten the Curve

Based on all the information, let's make the basic assumption - organizations spending billions on cybersecurity technology and prevention, but still struggle to properly assess, quatify and measure their overall cybersecurity maturity/risk posture As a result, even after all this money is spent, they still have difficulty quantifying the value this all provides to the business and whether or not they are better off today than they were yesterday. As you begin to think about how to improve your security maturity posture, we encourage you to take a step back and think about ways you can improve using the technology, data, and resources you already have.  Instead of chasing the next shiny security tool, focus on the improvements you can make using your existing technology, because sometimes, the extra visibility you need or want you may already have. The successful model for running an effective security organization is your ability to properly prevent, detect, analyze, and contain/mitigate cyber threats. To be able to do this effectively, you need to do 2 things very well, intelligence and data.  Intelligence should be driven by threat research and an understanding of the core business processes that can be impacted by those threats.  Your data hygiene coming from technology - the security event logs and application feeds, need to be structured, enriched, concise, and readily available to your security teams so they can use it to build detections and effectively respond to incidents. Over the next couple of weeks, we will be posting on how Anvilogic can help you flatten your curve using the technology, data, and resources you already have. Think about your maturity…Intelligence

  • Have you prioritized the threats you need to prevent?
  • Do you have an understanding of the core infrastructure you need to protect?
  • Do you understand the critical business processes that use this core infrastructure?  Do you know how the business actually works/operates?


  • Do you have the data sources needed to detect those threats and protect that core infrastructure and business process?
  • Is that data structured, enriched, normalized and usable?


  • Do you have the detection content necessary to adequately respond to those threats in that core infrastructure and business process?
  • Does that content have a combination of threat intelligence and business intelligence?
  • Do you actually correlate activity across different data domains
  • What is your detection efficacy?
  • Is your SOC/SOAR looking at the right activity?


  • Do you have the technology and controls necessary to mitigate and prevent those threats in your core infrastructure?
  • What is your response time?
  • Does your SOC have the access and capabilities necessary to respond to threats as they are occurring?
  • Do you perform proper testing and health monitoring of all of these security controls to ensure everything is operating as expected?

At Anvilogic, our core mission is helping you improve your SOC’s overall maturity.  Let us know how we can help you. 


Chat with our team to receive a free maturity assessment

Get in Touch

Ready to learn more about Anvilogic?

Kickstart your security operations

Anvilogic provided the necessary threat detection automation for our small SOC, adding a significant force-multiplier advantage for my team.