SOCs Use Automation to Compensate for Training, Technology Issues

Executives and front-line SOC teams see human and technology issues in much different ways, according to two new reports.

A Security Operations Center is an expensive resource for protecting enterprise computing and network resources. A handful of factors can keep an organization from getting the most from the resources — and a recent study shows that those factors are more common than some would think.
A recent study by Exabeam resulted in the
2018 State of the SOC Report
which has sections on how SOCs are built and staffed, and how employees at various levels of the organization see the SOC. In key areas, people at different organizational levels have very different views of the issues that exist.
In terms of importance, upwards of 62% of people who work in the SOC see inexperienced staff as a key pain point, says Stephen Moore, vice president & chief security strategist at Exabeam. Only 21% of those at the C-level think that this could be an issue.
The divide is important, as indicated in another report, the
2018 State of Security Operations
report, published by Micro Focus. According to the report, among the factors credited with improving SOC operations are the continuity and retention of key security personnel, and insight into the applications, data, systems, and users most likely to impact customers. That insight may be compromised when executives and front-line personnel have radically different views of the security landscape.
Experience level isnt the only area where there is divergence of opinion. Moore says. Technology is twice the pain point for line people as for the C-suite. The Micro Focus report is quite specific on the nature of the pain. Most security operations centers continue to be over-invested in technologies that inform them of a problem, yet truly struggle to protect, detect, respond, and recover from the cyber security attacks they fail to discover.
A growing number of organizations are looking to continuous security, or DevSecOps, to optimize the effect of the people and technology they do have in place. The State of Security Operations report points out that, 20% of cyber defense organizations that were assessed over the past 5 years … continue to operate in an ad-hoc manner with undocumented processes and significant gaps in security and risk management. While still high, those numbers represent improvement over time.
Moore says that improvement has to come through automation and continuous response. Its not enough to find something bad; you have to use your [organization] to respond, he says, adding, Youre seeing orchestration happen, which is sort of the SOCs version of DevSecOps. Its bringing all the pieces in together to help win the security fight.
One of the most important results of using the assets of the organization to be proactive is that the SOC has to become more friendly to the rest of the organization, Moore says. Its meeting before a crisis and agreeing to a response, he explains. Its a low-friction/high-trust response. Thats really cool, and thats the promise — more communications at a human level.
The planned and automated response can help reduce the impact of both reduced staff training and outdated technology. And in security, making the most of what the organization has is critical. Its important to be able to run a playbook, Moore says, noting that doing so, …takes a lot of the pain, a lot of the sting, out of the SOC. In the end, he says the SOC is a pain center, and this is a soothing agent. As a security executive its your job to remove pain.
Related content:
At RSAC, SOC Sees User Behaviors
CrowdStrike Introduces New Automated Threat Analysis Solution to Deliver Predictive Security
3 Security Measures That Can Actually Be Measured
SOC in Translation: 4 Common Phrases & Why They Raise Flags

Black Hat USA returns to Las Vegas with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions and service providers in the Business Hall. Click for information on the
conference
and
to register.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
SOCs Use Automation to Compensate for Training, Technology Issues