Fueled by the need to detect new, emerging threats while supplying meaningful feedback upstream to anticipate and prevent future ones, the modern SOC is the engine that protects organizations worldwide. The heart of that engine is common to all SOCs since they debuted more than a decade ago: people.
Still, even as emerging technologies such as artificial intelligence (AI) and machine learning (ML) promise proactive risk reduction by managing petabytes of data analytics, automatic incident triaging, and response, it’s becoming increasingly difficult for organizations to attract and retain skilled analysts.
Since SOCs will continue to rely on human analysts, it’s reasonable to expect there will be parallel challenges in the types of activities/events they will need to monitor, mediate and manage, including:
- A higher volume of increasingly sophisticated attacks
- A lack of visibility into complex operating environments
- An inability to analyze cloud-scale volumes of data
As their work is destined to become even more challenging, however, the energy expended by analysts chasing down alerts that turn out to be benign and the sheer volume of false-positive alerts that cross their screens can be overwhelming.
This repetition and routine have directly led to widespread SOC analyst burnout. A survey of more than 1,000 global security professionals found that 75% of SOC analysts said they felt burned out on the job, according to the 2021 Devo SOC Performance Report™. Other findings include:
- 72% of respondents rated their pain of working in their SOC at a 7 or above on a 10-point scale.
- 68% of respondents said they have too many alerts to chase.
- 63% of respondents said the pain of SOC work led them to consider changing careers or leaving their current job.
With an always-growing number of alerts and the explosion of data that needs to be protected against threats, identifying which alerts are “safe” to ignore is an almost impossible mission.
So, what’s the solution to the many challenges facing SOC teams? The autonomous SOC.
WHAT IS THE AUTONOMOUS SOC?
The SOC of the future will still perform its primary function — but in a different way. That’s why a new SOC model is required for organizations to stay ahead of the exponential increase in data, the continued shortage of skilled analysts, and the volume and severity of cyberattacks. This new model must enable teams to focus on their top priority: delivering positive security outcomes.
The autonomous SOC will:
- Deliver complete visibility, automation and analytics, along with access to the latest community expertise, content, and threat intelligence
- Integrate seamlessly with security and IT tools
- Enable SOC leaders to automate triage, investigation and hunting
- Deliver fast, effective detection and incident response to resolve threats on large-scale, cloud-first infrastructures
And that’s just for the technology side of the equation. There’s also an upside for analysts.
For example, deploying AI-driven automation in the SOC to handle the repetitive task of reviewing alerts and determining which require action will free analysts to focus on hunting, investigating and responding to the threats that matter most to their business. This will make their work more fulfilling as they use their skills and experience to perform in-depth analysis of threats and how to eradicate them. That will help alleviate analyst burnout, improve SOC team morale, and make organizations more secure and less vulnerable to sophisticated attacks.
In subsequent installments of this blog series, we’ll discuss the three pillars of the autonomous SOC. First up: data.
Ready to learn more about the autonomous SOC? Download the eBook.