
Training Key to Retaining SOC Analysts

Working in a Security Operations Center (SOC) is like working in an emergency room at 2am on a weekend. The steady stream of new alerts demanding attention, combined with a lack of trained personnel, produces a small miracle in which everything somehow gets resolved, held together with string and prayers.

The question is when will the luck run out?

In a recent study published since the beginning of this year, 64% of SOC analysts said they are likely to change jobs next year because of the level of stress they experience in their positions.

Corporate security teams and others managing the security of large enterprises rely on SOC analysts to orchestrate, investigate, and wrangle complex alerts from many disparate systems.

And there are many challenges.

So how can organizations that rely on SOC analysts retain their talent and better prepare them for a future that is likely to be even more demanding?

Challenges facing SOC analysts

Taking a closer look at the report and other studies of the SOC, it is not surprising that so many analysts are on the verge of resigning.

According to the study, 53% said they were using 11-30 different security products.

This means that not only do they have to cope with the flood of alerts these products generate, but they have little chance to actually learn how to use them well enough to get real value from them.

A lot of data is coming from many systems, including cloud systems, endpoints, threat intelligence, XDR, and more.

More tools mean more alerts. According to Forrester's 2020 study, SOC analysts receive 11,000 alerts a day. More than a third of these are believed to be false positives, but they still need to be triaged and investigated.

The drudgery of manual tasks for investigations, reporting, and other tedious to-do lists puts a strain on the SOC team. Not surprisingly, 66% of them believed that more than half of their tasks could be automated, allowing them to focus on work that actually requires skilled attention.

Compounding the problem is the continuing shortage of skilled cybersecurity experts who could help SOC analysts carry the load. By some estimates, more than 3 million open cybersecurity positions worldwide are waiting to be filled.

Given these challenges, organizations face an uphill battle to become more effective, not only in retaining their employees but in handling the avalanche of threats that actually strike them.

Here are some approaches they can take.

3 Tools and Approaches for SOC Support

The focus for improving SOC efficiency and resilience should be on choosing the right technology to reduce the human workload, pointing analysts at the threats that matter most, and preparing them better for their mission.

Implement Machine Learning

Given the scale and speed of alerts, SOCs cannot expect humans to triage this volume of data on their own, so analysts need tools that filter out as much noise as possible.

Machine learning techniques can be trained to detect threats and improve their accuracy over time. The two main goals here are to eliminate many false positives and provide context so analysts can be more efficient in their investigations.

Look for Suspicious Behavior

A SOC is more than a collection of human antivirus engines checking signatures against a blocklist. With more and more attacks reaching resources by compromising the identity layer, understanding how users are supposed to use the system is essential.

User behavior analysis helps you learn what the baseline for normal behavior is and alerts you to activities that could indicate a breach.

These can include large data transfers, bursts of failed login attempts, and access to sensitive areas outside the systems that employees regularly use.
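The baselining idea above, as an added illustration that is not part of the article or any vendor product: a per-user baseline is learned from a constructed set of past events (the tuple layout, user names, system names and thresholds are all assumptions), and a later window of events is scored for the three indicators the article names.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample telemetry (not real logs): (user, system, outcome, bytes_out)
BASELINE_EVENTS = [
    ("alice", "crm", "success", 1200), ("alice", "crm", "success", 900),
    ("alice", "wiki", "success", 400), ("alice", "crm", "failure", 0),
    ("alice", "crm", "success", 1500), ("alice", "wiki", "success", 700),
]
# A later, constructed window of events to score against that baseline
WINDOW_EVENTS = [
    ("alice", "crm", "failure", 0), ("alice", "crm", "failure", 0),
    ("alice", "crm", "failure", 0), ("alice", "hr-payroll", "success", 50000),
    ("bob", "wiki", "success", 300),
]

def build_baseline(events):
    """Per-user baseline: systems normally used and typical outbound volume."""
    per_user = defaultdict(list)
    for user, system, outcome, nbytes in events:
        per_user[user].append((system, outcome, nbytes))
    baseline = {}
    for user, rows in per_user.items():
        sizes = [b for _, o, b in rows if o == "success"] or [0]
        baseline[user] = {
            "systems": {s for s, _, _ in rows},
            "bytes_mean": mean(sizes),
            "bytes_stdev": pstdev(sizes),
        }
    return baseline

def score_window(baseline, events, fail_threshold=3, z=3.0):
    """Flag failed-login bursts, access to systems outside the user's baseline,
    and unusually large transfers. Returns (user, indicator, detail) tuples."""
    alerts, per_user = [], defaultdict(list)
    for user, system, outcome, nbytes in events:
        per_user[user].append((system, outcome, nbytes))
    for user, rows in per_user.items():
        b = baseline.get(user)
        if b is None:  # never seen before: nothing to compare against, surface it
            alerts.append((user, "no_baseline", len(rows)))
            continue
        fails = sum(o == "failure" for _, o, _ in rows)
        if fails >= fail_threshold:
            alerts.append((user, "failed_logins", fails))
        for system in {s for s, _, _ in rows} - b["systems"]:
            alerts.append((user, "new_system", system))
        limit = b["bytes_mean"] + z * max(b["bytes_stdev"], 1.0)  # z-score cutoff
        for _, outcome, nbytes in rows:
            if outcome == "success" and nbytes > limit:
                alerts.append((user, "large_transfer", nbytes))
    return alerts
```

Real deployments would learn the baseline over weeks of data and tune the thresholds per environment; the point here is that each alert carries the context (which system, how many failures, how much data) an analyst needs to triage it quickly.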

Continue to Educate Your Team

Buying the right security product is important, but the most valuable asset in a SOC is its analysts. Invest in them.

We keep throwing more tools at SOCs, but unfortunately we are not actually teaching analysts how to make the most of the tools and the data they collect. We can do better.

Invest time and resources in regular training sessions that give your team the means for both structured and unstructured learning. Work with vendors to set up hands-on training sessions that familiarize analysts with the tools.

Sponsor certifications and offer attendance at industry training events.

As analysts deepen their education and become more technically skilled, the organization benefits from a more capable team. It also lets analysts feel that the organization is investing in them rather than treating them like a meat grinder.

Don't Work Harder, Work Smarter

Because SOC analysts are the first line of defense and carry the weight of corporate information security on their shoulders, it is no wonder that analysts in this role look for an easier path in their InfoSec careers.

SOC analysts agree that they need to work smarter, not harder. In practice, this means automating more tasks so that more effort can go to the work that requires human attention. Companies that recognize this and act on it will benefit from a more motivated and capable workforce.

Organizations can invest now in the right tools, practices, and ongoing training, not only to retain a strong workforce but to make it more effective for the future and improve the effectiveness of their security response.
