4 Challenges of the SOC: How Decision Intelligence Can Help | eWEEK
Networks and the valuable data they hold are under attack as never before. That’s bad timing for today’s digital organizations, as they continue to struggle to find anyone with cybersecurity skills, much less the experience and qualifications they truly need to fill their roles.
Too many alerts and repetitive tasks done by too few people lead to burnout and turnover, which further weakens an organization’s security posture.
Decision intelligence can address each of these issues, strengthening cybersecurity and creating greater job satisfaction for some of the most highly prized and direly needed employees an organization has today.
In this article, we outline the four major challenges facing security operations center (SOC) teams today and provide insight on how automation and artificial intelligence can help address these problems.
1) The Cyber Skills Gap
The cybersecurity skills gap persists as hiring and retention issues are becoming increasingly difficult. According to a new ISACA study, 63% of responding firms have unfilled cybersecurity positions, an increase of 8% since 2021.
The report also revealed that 62% of respondents believe there aren’t enough staff on their cybersecurity teams, and 20% say it takes over six months to locate qualified individuals for vacant positions. There is now a 2.7 million-person cybersecurity skills gap in the world.
In addition, according to the National Institute of Cyber Education (NICE), about half of all managers believe their candidates are unqualified for the roles they are vying for. And in an ISACA survey, 16% of respondents said it takes six months or more on average to fill a new cybersecurity role. There are too few people, and those who are available need more training.
2) Too Many Alerts
SOC staff face an all-day stress scenario. As bad actors become more sophisticated and threat landscapes expand, the number of alerts analysts are dealing with has reached a crescendo. Research by Forrester analysts finds that SOC teams receive an average of 11,000 alerts per day.
And on top of that, many of those are false alerts. IDC’s 2021 “Voice of the Analysts” survey found that at least 45% of incoming alerts are false positives. Analysts are spending time inefficiently wading through these, leading to alert fatigue.
3) Repetitive, Unfulfilling Tasks
Although the use of automation is increasing across industries, many security analysts still report that they spend the majority of their workday doing routine tasks.
A variety of factors could be at work here, including a lack of time to implement new tools, a lack of experts to properly configure the tools, and the need to change existing processes. This also harkens back to the prior point – they are wasting time on false alerts.
4) Burnout
Too many alerts, too many false positives and too many repetitive tasks contribute to the issue of burnout. Because so many organizations depend on their technology, any interruption or security event can result in lost revenue and a negative impact on company reputation. Analysts who are already overburdened will face additional work and stress as a result.
In fact, one recent study found that 71% of SOC analysts feel burned out. Increased workloads might also mean less time for upskilling, making analysts feel like they’ve been painted into a corner.
How Decision Intelligence and AI Can Help
The status quo in the SOC is untenable: leaders are having difficulty finding qualified staff, and the staff they already have are soon burned out. This, however, does not have to remain the case.
As previously stated, decision intelligence is the use of modern technologies such as artificial intelligence (AI) to expedite decision-making and scale people’s ability to handle tasks unique to their job description.
Existing analysts can manage workloads more quickly and easily with decision intelligence. The ability of any AI tool to learn and adapt to the uniqueness of each business should be its primary capability. It should be able to support decision-making with both subject-matter expertise and organizational context.
It can relieve analysts of the load of assessing thousands of daily alerts, freeing up time and lowering the risk of human error. They can also devote time to more meaningful work, as well as upskilling and other development and training activities, as a result of the time savings they gain.
For the modern SOC, it’s critical to add “intelligence” to the automation of operations. AI can aid decision-making and automate manual, repetitive processes with greater efficiency as it works in tandem with subject expert knowledge and as it learns the distinctiveness of the organization.
About the Author:
Horia Sibinescu, CMO, Arcanna.ai