
It’s no secret that the job of SOC teams continues to become increasingly difficult. Increased volume and sophistication of attacks are plaguing under-resourced teams with false positives and analyst burnout.

However, like many other industries, cybersecurity is now beginning to lean on and benefit from advancements in automation to not only maintain the status quo, but to attain better security outcomes.

Automation across multiple phases of the SOC workflow

The need for automation is clear, and it is becoming table stakes for the industry. IBM estimates that 62% of cyber resilient organizations have deployed automation, AI and machine learning tools and processes.

Up until now, many of these advancements in automation have been focused on response, with SOAR and incident response tools playing an instrumental role in tackling the most urgent phase of the SOC workflow.

Centring the focus only on response, however, means we’re treating the symptoms instead of the root cause of the disease. By breaking down the SOC workflow into phases, it is easy to see more instances where automation can improve the speed and efficacy of security teams.

The four phases where it is possible to expand coverage of automation include:
