Page 153 - Cyber Defense eMagazine January 2024
SOC roles aren’t for the faint of heart. At every level of the SOC, staff are under near-continual
pressure because a missed detection or a slow response can have catastrophic consequences for the
business. The work is challenging and demanding: a staggering 71% of security leaders and
non-management personnel rate the pain of SOC staffers between 6 and 9 on a 10-point scale.
The good news is that more organizations are turning to automation to augment the work of their
SOC analysts, offloading the more monotonous tasks so that analysts can focus on the threats that matter
most to their organization. This shift takes time, however, and threats continuously evolve, which means
SOC roles also continue to change. To be effective today, Tier 3 analysts must be more skilled and more
closely aligned to business objectives.
Deep disconnects remain between SOC leaders and staff, and teams don’t feel heard or taken seriously
about burnout-related issues. 45% of SOC analysts surveyed said their leadership hadn’t responded
proactively to burnout.
Time to assess your technology stack.
SOC hiring and retention problems must be addressed in part by assessing the organization’s technology
stack, and comprehensive visibility is the foundation of that assessment. Fortunately, security solutions
available today are straightforward to deploy and can provide visibility into every part of an organization’s
operations by gathering logs and insights in one place.
Visibility alone is not enough; what matters is what is done with the data, so the data must be usable.
The dynamic scalability of cloud-based security analytics tools lets them ingest all of that data and process
it in real time. Now that the capability exists, organizations are investing to move to a real-time alert
detection, investigation and response framework.
Adopting a wider application of artificial intelligence and machine learning is the third move toward
replacing outdated methods. The AI/ML tools available now are capable, and they will only get better.
Specifically, new capabilities include autonomous alert triage, where AI-driven systems rapidly assess
and prioritize alerts, and proactive threat hunting, where machine learning algorithms surface threats that
would otherwise stay hidden. SOC teams and CISOs who are able and willing to adopt these technologies
can transform their SOC teams from front-line gatekeepers into supervisors and trainers of rapid,
automated response systems.
Implementing more automation will be key. According to the survey, 55% of SOC practitioners named
automation among the solutions and resources they want their leaders to invest in.
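As a concrete illustration of the automation these three moves point at (centralized log ingestion, real-time processing, and alert triage), here is an added example that is not from the original article or from any product it mentions. It normalizes alerts arriving in two different formats, collapses repeats of the same (host, rule) pair into a single case, and ranks cases by a simple risk score so an analyst sees the highest-risk item first. The alert lines, the asset-criticality table and the scoring weights are all constructed for the example; the scoring is a deterministic stand-in for the "AI-driven" triage step, not a trained model.

```python
"""Minimal alert-triage pipeline: normalize alerts from several sources, collapse
duplicates into cases, and rank cases by a risk score (added example, constructed data)."""
from dataclasses import dataclass, field
import json
import re

# Constructed sample alerts: an EDR emitting JSON and an IDS emitting key=value lines.
# Formats and field names are assumptions for this example, not any vendor's schema.
RAW_ALERTS = [
    '{"src":"edr","host":"fin-ws-07","rule":"credential_dumping","sev":"high","ts":1704067200}',
    '{"src":"edr","host":"fin-ws-07","rule":"credential_dumping","sev":"high","ts":1704067260}',
    'ts=1704067300 host=web-01 rule=port_scan sev=low src=ids',
    'ts=1704067320 host=dc-01 rule=kerberoasting sev=medium src=ids',
    '{"src":"edr","host":"fin-ws-07","rule":"credential_dumping","sev":"high","ts":1704067400}',
    'ts=1704067500 host=web-01 rule=port_scan sev=low src=ids',
]

# Assumed asset inventory: business criticality tier per host (constructed).
ASSET_TIER = {"dc-01": 3, "fin-ws-07": 2, "web-01": 1}
SEV_WEIGHT = {"low": 1, "medium": 2, "high": 3, "critical": 4}

KV_RE = re.compile(r"(\w+)=(\S+)")


@dataclass
class Alert:
    source: str
    host: str
    rule: str
    severity: str
    ts: int


def parse_alert(line):
    """Normalize one JSON or key=value alert line into an Alert."""
    line = line.strip()
    fields = json.loads(line) if line.startswith("{") else dict(KV_RE.findall(line))
    return Alert(source=fields["src"], host=fields["host"], rule=fields["rule"],
                 severity=fields["sev"].lower(), ts=int(fields["ts"]))


@dataclass
class Case:
    host: str
    rule: str
    severity: str
    first_ts: int
    last_ts: int = 0
    count: int = 0
    sources: set = field(default_factory=set)


def correlate(alerts, window=3600):
    """Collapse alerts sharing (host, rule) within `window` seconds of the previous
    one into a single case; the case keeps the highest severity seen."""
    cases, open_cases = [], {}
    for a in sorted(alerts, key=lambda x: x.ts):
        key = (a.host, a.rule)
        c = open_cases.get(key)
        if c is None or a.ts - c.last_ts > window:
            c = Case(host=a.host, rule=a.rule, severity=a.severity, first_ts=a.ts)
            open_cases[key] = c
            cases.append(c)
        c.count += 1
        c.last_ts = a.ts
        c.sources.add(a.source)
        if SEV_WEIGHT[a.severity] > SEV_WEIGHT[c.severity]:
            c.severity = a.severity
    return cases


def risk_score(case):
    """Severity weight times asset tier, plus a capped bonus for repetition and
    two points per additional corroborating source. Weights are assumptions."""
    base = SEV_WEIGHT[case.severity] * ASSET_TIER.get(case.host, 1)
    return base + min(case.count - 1, 3) + (len(case.sources) - 1) * 2


def triage(raw_lines):
    """Parse, correlate and rank; returns cases with the highest risk first."""
    cases = correlate(parse_alert(line) for line in raw_lines)
    return sorted(cases, key=risk_score, reverse=True)


if __name__ == "__main__":
    for c in triage(RAW_ALERTS):
        print(f"{risk_score(c):>3}  {c.host:<10} {c.rule:<20} sev={c.severity} x{c.count}")
```

On the constructed input, six raw alerts collapse to three cases, and the repeated credential-dumping alerts on a tier-2 finance workstation outrank the single Kerberoasting alert on the domain controller only because of the repetition bonus; tune the weights to the organization's own asset tiers and the ordering changes accordingly, which is exactly the "aligned to business objectives" knob the article is describing.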
Attending to the SOC team
Burnout is impacting organizations’ security posture in a real way. 83% of IT security professionals in the
Wakefield Research study reported that they or a member of their department have made mistakes due
to burnout that led to a network breach; 39% have experienced this more than once. Ensuring that SOC
analysts find meaning in their work is another key component to addressing the burnout challenge. By
Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide.