Setting the research agenda at Osterman Research is a never-ending process of looking at possibilities, gathering early intel on the importance of each topic, and filtering a larger list to focus on the critical topics that can move-the-needle for cybersecurity at organizations. Many projects that end up on our agenda come about naturally from our ongoing wider research programs. Some, however, are suggested to us.
Our latest research agenda program fits in the latter category. When we were looking at possibilities for 2024, a client suggested:
Something around how the security industry is evolving to make the SOC more efficient and reduce stress and burnout would be good. For example, the H/M/L prioritization of alerts didn’t really do much. What are vendors doing that works, and what doesn’t work? (There could be a little AI in here, but it would be good to go beyond that.)
That nudge (thanks, Bob!) became the origin point for our latest report, Making the SOC More Efficient (available on the main Osterman Research site). It’s a long paper (26 pages) that attempts to deal thoughtfully and in-depth with the topic, exploring the data points we captured through the survey and advocating a way forward. There is more than “a little AI” in the report, though, as this has become both the greatest threat (82.4% of security leaders said that “the use of AI by cyberthreat actors in cyberattacks” was “very impactful” or “extremely impactful” – the highest-rated trend in this research) and one of the greatest tools for defenders (via the rise of AI-enabled cybersecurity solutions).
Some of the key takeaways from the research:
- Current SOC approaches have hit the wall
Confidence in the ability of the SOC to protect against the threats detected by their security tools has dramatically increased during the past two years, but this increase in confidence is expected to rapidly crater. The innovations that drove increased SOC performance over the past two years do not contain the necessary ingredients to continue driving performance over the next two. - Specialized threat intelligence to eliminate false positives, AI for behavioral analysis, and autonomous remediation seen as top innovations
The three innovations seen as most likely to drive SOC efficiency and reduce stress and burnout among SOC analysts are the use of specialized threat intelligence to eliminate false positives; using AI for behavioral analysis in investigating alerts and autonomously creating or updating detection rules; and autonomously remediating incidents without SOC analyst intervention. Almost half of respondents gave two AI-powered defensive innovations the highest rating. - New innovations improve SOC metrics by a composite average of 35%
All organizations in this research are already experimenting with at least one new approach to improving the efficiency of their SOC. The most impactful innovations on key SOC metrics (time to begin working on an issue, time to close an incident, and number of false positives) are AI behavior analysis with autonomous rule creation/updating, AI behavioral modeling for detecting baseline deviations, and autonomous remediation of incidents.
If SOC efficiency is in your wheelhouse, we’d love you to get a copy.
This program was sponsored by Dropzone AI, HYAS Infosec, Radiant Security, and Sevco Security.
Leave a Reply