“Software is eating the world.” That phrase entered the high-tech lexicon in 2011, courtesy of Marc Andreessen, co-founder of both Netscape and venture capital firm Andreessen Horowitz. His thesis has been proven time and again. Substituting data for software amplifies the power of Andreessen’s observation. Consider the following statistics on how much data is created every day:
- 2 trillion daily searches on Google in 2021
- 134 trillion MB of data created every day
- 278,108 petabytes of global IP data per month by the end of 2021
- 149 zettabytes of estimated data consumption by 2024
Technology users alone generate more than 1.145 trillion MB of data every day!
When you think about all that data, imagine what it’s like for the typical SOC, which is responsible for securing it on behalf of its organization every day. It can be overwhelming for analysts.
This second post in our blog series introducing the journey to the autonomous SOC looks at the ubiquity of data and how the fusion of AI and automation will help analysts work more efficiently and make them less likely to burn out.
Using Technology to Elevate Analyst Effectiveness
Of course, amid a growing technology stack, rapid digitization of business, and the expanding scope of enterprise assets, it follows that more data attracts more unknown threats, creates more false-positive alerts, and generates more noise for SOC analysts to cut through. In fact, in this highly dynamic environment, organizations are challenged to collect and analyze complete data from all sources, which can limit visibility and compromise security.
This is bad news for SOCs that are unable (or unwilling) to evolve.
With more data than ever to secure — and clever, relentless adversaries eager to get at it — SOC teams must avail themselves of advanced technologies to keep pace. With the autonomous SOC, intelligence informs analysts’ work. Cutting-edge SOCs already are using automation to perform some repetitive tasks. This enables threat hunting and investigation to become a fusion of human expertise, automation, and artificial intelligence. Most organizations will continue to rely on the expertise of skilled analysts who leverage threat intelligence from the security community to ensure the highest level of incident response. But AI will accelerate many of those functions.
The Role of the Autonomous SOC
AI-driven automation will give analysts the information they need to quickly identify — and stop — previously seen attacks. AI will know the scenarios, questions and data that analysts use to triage, investigate and hunt threats. The autonomous SOC will automatically deliver a blueprint of the full attack story as the starting point for analysts to launch their work. This will increase the value analysts provide to the organization by eliminating repetitive and routine tasks so they can focus on the critical work of stopping threats before they cause damage.
The autonomous SOC will provide a flexible and scalable data fabric to ingest data from all sources and formats. Multitenancy and the ability to collect global data while complying with privacy requirements will be critical for realizing the full benefits of the autonomous SOC across even the largest, most complex organizations.
In the next installment of this series, we’ll discuss the second pillar of the autonomous SOC: analytics.