Revisiting the themes, market trends & maturity of SecOps now and looking forward

Introduction

Start by exploring why this report was created and what you can expect…

The aim this year is, therefore, to explore the emergent and transformatory trends

Security Operations is undergoing a fundamental transformation; we’re seeing and helping clients reconsider traditional approaches to development and operations. Why? Today’s security leaders are thinking bigger. In conversations with CISOs and

Where are we today, and what’s blocking us?:
1. Navigating regulatory compliance, what do SecOps teams need to be aware of?
2. The SOC workforce challenge in 2025: burnout, skills gaps, and the way forward
3. Demonstrating Return on Investment,

Security Operations in 2025 is about more than pure detection and response. It’s about aligning with business risk, integrating IT/OT/Product telemetry into a unified

What’s next, and how do we get there?:

Simultaneously, the attack surface has exploded with SaaS, machine identities, and now GenAI tools. The result? A threat landscape that’s faster, fuzzier, and far more fluid. Widespread campaigns like those perpetrated by Scattered Spider & ShinyHunters remind us cybercriminals are all too ready to exploit this situation. 2025 has also

1. XDR is here, but how are we supposed to use it? Future-proofing your Detection & Response tooling
2. Agentic AI in Security Operations: are SOC analysts out of a job?

We hope you enjoy reading these insights as much as we’ve enjoyed creating them! Until

So, what’s driving the creation of this year’s review? It’s the understanding that the capabilities, processes, and tech we relied

James Maidment
Senior Consultant
UK SecOps Team

AI is the paradigmatic example. It isn’t just accelerating activities; it’s necessitating a rewrite of the entire operating model.

Contents

Frontmatter
  Introduction
  Contents
Where are we now?
  What can the Benchmark tell us about market maturity?
  Cyber Benchmark overview
Our challenges
  Meeting regulatory compliance
What’s next?
  XDR: considerations for sustainable implementation
  Agentic AI in SecOps: laying out the problems and finding solutions
Concluding thoughts
  The future of SecOps, in 2026 and beyond
Endmatter

01. Where is Security Operations in 2025?

It’s fair to say a lot has happened in the past year. Before looking into the six challenges impacting SecOps, let’s take a step back and review progress since 2024.

How has SecOps matured since 2024?

To co-opt a famous phrase, ‘a week is a long time in SecOps’. Well, how about 52 weeks... This first section offers a step back on where we stand in 2025.

Challenges within and without

Wavestone’s Cyber Benchmark 2025

‘Tis the season for reports and alarming figures: the NCSC’s Annual Review notes 204 ‘nationally significant’ cyber events, or 17 a month. Simultaneously, the first global edition of the SOC-CCM report notes stagnant maturity growth, citing persistent retention and governance challenges. In

Run annually since 2019, the benchmark has surveyed 150+ Wavestone clients, representing more than 7 million employees. It is based both on the NIST CSF and ISO 27001/2. The benchmark itself consists of

Each year, we collate the results and present high-level findings to the public. This year’s headline? ‘Measured progress, persistent challenges’. Overall, companies progressed

Consequently, this first section aims to provide clarity on the development of the profession since 2024, and the broader

Security Operations in context

[Figure: Box plot view of maturity scores for every topic: Minimum / 1st quartile / Median / 3rd quartile / Maximum. Marker: >3% YoY Increase]

What can the Benchmark tell us about our maturity?
Response is becoming routine and well-practiced

Detection is moving fast, but so are threats

SecOps moves slower, reflecting broader trends

Incident response capabilities have shown clear improvement since 2024 (+3%), primarily driven by success in improving

While process and technology advances since 2024 are not to be understated, this year’s Cyber Benchmark tells us that People advances are not to be overstated. Significant divergences between

Detection capabilities also continued to improve (+4%) demonstrating increased efficiency, particularly within large organizations with the capacity to run detection-as-code pipelines.

This is a helpful by-product of recent regulatory compliance initiatives but also demonstrates increased understanding

Having said this, with time-to-exploit down to a matter of minutes, increasingly advanced threat actors targeting private

Taking a step back, SecOps appears to be following the trend of consolidation. This is

Detection: a constantly evolving challenge

Detection is a useful case to bring to life the themes highlighted in the Benchmark. Specifically, when we look to the percentage of large organizations surveyed (approx. 100 companies) that have implemented certain capabilities, we find …

Measured Progress

Collect and analyze business application logs

Regularly monitor & analyze IDP configur