For decades now, the security industry has chased after the perfect machine to run the Security Operations Center (SOC). The crushing volume of threat activity and the challenges of staffing up qualified analyst teams have led many to hope they could automate their way out of the situation.
The problem with this is two-fold. First of all, today’s SOC automation, backed with Artificial Intelligence (AI) or not, often doesn’t work as effectively on modern threats as the marketers promise. More fundamentally, though, the issue is that too much automated SOC technology has been conceived as a method to replace and remove the analyst rather than augment and improve how they actually do the daily work of protecting their organizations. This is a troubling design flaw that completely discounts the crucial role that people play in the sustainability of today’s SOC.
The sooner organizations can come to grips with the fact that without smart humans there is no SOC, the faster they can start picking services and technology that help them get the most out of their SOC investments.