![AI SOC analyst](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh11fiW3omZ5EqScHjybwmUSSAG7dA2wannsnSV-FmXvb3pD5-G0QvbLtVMqpaVaP-f8T10T_PzE4YjgIGHw1SkL3noE2ttE9MC71QcwIGqvhzHHzt1UV-O_pMQR36CaI9INabH6sCIcZwPZlzlZu2O9ZX9BdUEp5ilNX5OR6xPxAXsyD87jWfS2ynESbI/s728-rw-e365/soc-ai.png)
The work of a SOC analyst was never easy. Faced with an overwhelming flood of daily alerts, analysts (and sometimes a team that also doubles as SecOps) have to work through thousands of security alerts to identify the small number of actual threats. This relentless, round-the-clock work is increasingly recognised as raising the risk of fatigue, disengagement, and serious security incidents. According to a survey, 70% of SOC analysts have experienced serious stress, and 65% are considering quitting their jobs within a year. This is a major issue for security teams, especially given how scarce security analysts already are.
Operationally, analysts spend more time on repetitive manual tasks such as alert triage, resolution, and documentation than on proactive security measures. Security teams struggle to configure and maintain SOAR playbooks as the cyber landscape changes rapidly. On top of this, tool overload and siloed data force analysts to navigate fragmented security platforms, which is inconvenient, but more critically means that true positives and correlations between events are missed.
AI-powered threat actors. Yikes!
Making the above worse is the fact that threat actors are using AI to advance cybercrime. By rapidly processing huge amounts of data, AI can launch large-scale attacks that are more effective, adaptive, and harder to detect. AI tools generate highly convincing phishing emails, deepfake content, and social engineering scripts, making it far easier for inexperienced attackers to deceive their targets. AI can also be used to automate vulnerability discovery by analysing large vulnerable code bases, to write sophisticated malware, and to reverse-engineer security mechanisms. In addition, AI-driven chatbots can impersonate real users to carry out large-scale fraud, and can provide step-by-step cybercrime guidance to beginners.
According to the 2024 CrowdStrike report, attackers have reduced the average breakout time from 79 minutes to 62 minutes, and the fastest known breakout time is just 2 minutes and 7 seconds. Even with the best detection tools and dozens of analysts available (a dream scenario), the sheer volume and speed of today's cyber attacks require the SOC team to move faster than ever, and triaging the volume of alerts generated by some form of manual review is quite literally mission impossible. Not any more.
The modern SOC strikes back: the perfect blend of AI and human in the loop
If you are a SOC analyst or CISO, you know that I have not exaggerated how bad it is. However, the tide is turning. New AI tools for SOCs can process every type of security alert on behalf of the human team, which can then focus on actual threats in record time. Here is a glimpse of what some early adopters have experienced.
Automated triage
Many vendors now offer automated triage of security alerts, which significantly reduces the number of alerts that human analysts need to investigate. Several vendors provide automated triage for specific use cases such as phishing, endpoint, network, and cloud (using triage playbooks written by human security experts), but the ideal scenario is an AI-driven SOC analyst that can interpret every type of security alert from any sensor or defensive system. That way, every security event, from the most common to the most obscure, can be fully triaged. Here again, transparency plays a major role: the actual logic of the AI triage (down to every step) should be readily available to human analysts whenever they need it.
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEisSALFCSvBwQ0RYp4aW61Uw2ri2fJuD8fcyp8WhFK0ZYfQCTPjv2SZT1POQ2X4AS8O3ty31ka0-LwZfZ8KEidsw4upzBmIC4FzbvKZYyr6WRpwKLnBtUJMGrppKXee26L5o7ZqPRhP597YpgibSmWJueQjAAF8jTy_bzlOjqls-mUhYbtl-qca9ioiIj8/s728-rw-e365/11.png)
Full control over the response to actual threats
An AI-equipped SOC platform generates a precise response tailored to the specific threat (delivering the same value as SOAR, without the headache of all the configuration and maintenance), but keeps humans in the loop, with the ability to review, accept, modify, or execute the proposed remediation.
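The two properties the "Automated triage" and "Full control over the response" sections ask for, a triage verdict whose every scoring step is recorded for the analyst, and a proposed remediation that executes only after an explicit human decision, can be sketched in a few dozen lines. The following is an added illustration, not code from the original post or from any vendor's product; the alerts, the scoring rules, the tier and allowlist values, and the remediation catalogue are all constructed for the example.

```python
"""Transparent alert triage with a human-in-the-loop remediation gate.

Constructed example: alerts, scoring rules, allowlists and the remediation
catalogue below are invented for illustration and are not a vendor's logic.
"""
from dataclasses import dataclass, field
from typing import Callable, List, Optional

@dataclass
class Alert:
    alert_id: str
    source: str            # constructed sources: "edr", "cloudtrail", "email_gateway"
    description: str
    fields: dict

@dataclass
class TriageResult:
    alert: Alert
    score: int = 0
    verdict: str = "auto-close"
    proposed_action: Optional[str] = None
    reasoning: List[str] = field(default_factory=list)   # every step, for analyst review

# Constructed reference data (placeholders, not real indicators or identities).
KNOWN_BAD_HASHES = {"deadbeef" * 8}
ALLOWLISTED_IDENTITIES = {"cloudtrail": {"svc-scanner"}}
PLAYBOOK = {"edr": "isolate_host", "cloudtrail": "revoke_session",
            "email_gateway": "quarantine_message"}

# Each rule returns (points, explanation). Keeping the explanation next to the
# points is what makes the triage auditable rather than a black box.
def rule_source_confidence(a: Alert):
    weights = {"edr": 20, "cloudtrail": 15, "email_gateway": 10}
    return weights.get(a.source, 5), f"base confidence for source {a.source}"

def rule_asset_tier(a: Alert):
    tier = a.fields.get("asset_tier", "tier2")
    return {"tier0": 40, "tier1": 20}.get(tier, 0), f"asset tier {tier}"

def rule_threat_intel(a: Alert):
    if a.fields.get("sha256") in KNOWN_BAD_HASHES:
        return 50, "sha256 matches threat-intel list"
    return 0, "no threat-intel match"

def rule_allowlisted_identity(a: Alert):
    user = a.fields.get("user")
    if user in ALLOWLISTED_IDENTITIES.get(a.source, set()):
        return -30, f"{user} is an expected identity for {a.source}"
    return 0, "identity not allowlisted"

def rule_off_hours(a: Alert):
    hour = a.fields.get("hour", 12)
    if hour < 6 or hour >= 22:
        return 10, f"activity at hour {hour} is outside business hours"
    return 0, f"activity at hour {hour} is within business hours"

RULES = [rule_source_confidence, rule_asset_tier, rule_threat_intel,
         rule_allowlisted_identity, rule_off_hours]

def triage(alert: Alert) -> TriageResult:
    """Score the alert rule by rule, recording each step, then pick a verdict."""
    r = TriageResult(alert=alert)
    for rule in RULES:
        points, why = rule(alert)
        r.score += points
        r.reasoning.append(f"{rule.__name__}: {points:+d} ({why})")
    r.score = max(r.score, 0)
    if r.score >= 60:
        r.verdict, r.proposed_action = "escalate", PLAYBOOK.get(alert.source)
    elif r.score >= 30:
        r.verdict = "investigate"
    r.reasoning.append(f"verdict {r.verdict} at score {r.score}")
    return r

VALID_DECISIONS = {"accept", "modify", "reject"}

def apply_decision(result: TriageResult, decision: str,
                   executor: Callable[[str, Alert], str],
                   modified_action: Optional[str] = None) -> Optional[str]:
    """Nothing executes until an analyst records an explicit decision."""
    if decision not in VALID_DECISIONS:
        raise ValueError(f"unknown decision {decision!r}")
    if decision == "reject":
        result.reasoning.append("analyst rejected the proposed action")
        return None
    action = modified_action if decision == "modify" else result.proposed_action
    if not action:
        raise ValueError("no action to execute")
    result.reasoning.append(f"analyst chose {decision}: executing {action}")
    return executor(action, result.alert)

def dry_run_executor(action: str, alert: Alert) -> str:
    """Stand-in for a real remediation connector; only records what would run."""
    return f"DRY-RUN {action} on {alert.alert_id}"

# Constructed alerts covering the three verdicts.
SAMPLE_ALERTS = [
    Alert("A-1001", "edr", "process launched from temp dir",
          {"sha256": "deadbeef" * 8, "asset_tier": "tier0", "user": "jsmith", "hour": 3}),
    Alert("A-1002", "cloudtrail", "DescribeInstances burst",
          {"asset_tier": "tier2", "user": "svc-scanner", "hour": 14}),
    Alert("A-1003", "email_gateway", "attachment with macro",
          {"asset_tier": "tier1", "user": "mlee", "hour": 23}),
]

if __name__ == "__main__":
    for a in SAMPLE_ALERTS:
        res = triage(a)
        print(a.alert_id, res.verdict, res.proposed_action, *res.reasoning, sep="\n  ")
```

The point of the design is that `reasoning` is populated on every path, including the rejection path, so an analyst can audit both why the AI scored an alert the way it did and what the human decided afterwards; and `apply_decision` refuses any decision outside the three the text lists, so a typo or an unexpected value from a UI can never silently execute a remediation.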
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgN-UPTdNjTZQVkY5CIBnVftBY-hQiMWEX0GGsWOwjTG6EoEl1dwSXA-WEpedXYorqB8IVsnX23yB4qx1FtyOIO8pA836qf-wEfE9iP60Q2SOElN1X1sl7dFDH3aASTY7oyQzN8R8PKIevHZIU6W13Nrfv5_N4QICHIjdqKQ9OcEh0gYOBKRaJVYT04sRQ/s728-rw-e365/22.png)
ChatGPT (or DeepSeek) joins the team
Using generative AI, the SOC team can research new threats, the latest attack methods, and the best practices for countering them. ChatGPT-like tools are incredibly useful for getting up to speed quickly on any topic, security included. Analysts get access to relevant solutions and learn with ease.
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjnAkl_CXQM8WDkHo5apamcuKd4gM5k9Ro8T3HFmqjIaZ7rptirvj-T0WSZy8o5vLqFa09Ajorp_-5DOF81jFXVpuriLoheGYrBT35IZ2LHjLElj3QoopLoIcGrlR9dNiQUQwojokqdGNDK5Mx9D6yDkqf5Iw3_CoGwA478ZfqvVSVVo6cXksdzE9nF048/s728-rw-e365/33.png)
Data queries, log interpretation, anomaly detection
SOC analysts no longer have to struggle with query syntax. Instead, they can use natural language to find the data they need, and when they need to understand the significance of a specific log or dataset, the AI solution can provide immediate clarification. When analysing datasets built from thousands of integrated logs, embedded anomaly detection can help identify unusual patterns that may warrant further investigation.
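To make "embedded anomaly detection over thousands of integrated logs" concrete, here is an added example (not from the original post and not any vendor's model) that parses a constructed day of failed SSH login lines, buckets them per user and hour, and flags buckets whose count is far above that user's own baseline using a robust z-score (median and median absolute deviation, with the common 3.5 threshold). The log format, the user names, the IP range and the burst at 03:00 are all constructed for the example; the MAD fallback handles the edge case of a perfectly flat baseline, where the deviation would otherwise divide by zero.

```python
"""Frequency-baseline anomaly detection over integrated auth logs.

Constructed example: the log lines are generated below, the 3.5 robust z-score
threshold is a common rule of thumb, and nothing here is a vendor's model.
"""
import re
from collections import Counter, defaultdict
from statistics import median

LOG_RE = re.compile(r"^(?P<ts>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\dZ) sshd\[\d+\]: "
                    r"Failed password for (?P<user>\S+) from (?P<ip>\S+)$")

def build_sample_logs():
    """Constructed dataset: one day of failed SSH logins for two users, with a
    burst of 40 failures against 'bob' at 03:00 that should stand out."""
    lines = []
    for hour in range(24):
        n_alice = 1 + (1 if hour % 3 == 0 else 0)          # 1 or 2 per hour
        n_bob = 40 if hour == 3 else 2 + (hour % 2)        # 2 or 3, except the burst
        for user, n in (("alice", n_alice), ("bob", n_bob)):
            for i in range(n):
                lines.append(f"2025-03-01T{hour:02d}:{i:02d}:17Z sshd[4242]: "
                             f"Failed password for {user} from 203.0.113.{7 + i % 3}")
    return lines

def bucket_failures(lines):
    """Count failed logins per (user, hour). Unparsed lines are skipped, and the
    parsed-line count is returned so a parser regression is visible."""
    counts, parsed = Counter(), 0
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        parsed += 1
        counts[(m["user"], m["ts"][:13])] += 1        # "YYYY-MM-DDTHH" bucket
    return counts, parsed

def robust_z_scores(counts, min_scale=1.0):
    """Per-user robust z-score of each hourly count against that user's median."""
    per_user = defaultdict(dict)
    for (user, hour), n in counts.items():
        per_user[user][hour] = n
    scores = {}
    for user, hours in per_user.items():
        values = list(hours.values())
        med = median(values)
        mad = median(abs(v - med) for v in values)
        scale = mad if mad > 0 else min_scale          # flat baseline: MAD is 0
        for hour, n in hours.items():
            scores[(user, hour)] = 0.6745 * (n - med) / scale
    return scores

def detect_anomalies(lines, threshold=3.5):
    """Return (user, hour, count, z) for buckets above the threshold, worst first."""
    counts, _ = bucket_failures(lines)
    scores = robust_z_scores(counts)
    flagged = [(user, hour, counts[(user, hour)], round(z, 2))
               for (user, hour), z in scores.items() if z > threshold]
    return sorted(flagged, key=lambda row: -row[3])

if __name__ == "__main__":
    for row in detect_anomalies(build_sample_logs()):
        print("anomalous:", row)
```

Two design choices worth noting: the baseline is per user, so a service account that legitimately fails a few logins every hour is not compared against a human who never does; and the score is computed from the median and MAD rather than mean and standard deviation, so the burst itself does not inflate the baseline it is being measured against.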
AI is hungry for data. More data, no insane bill.
AI tools are hungry for data: they depend on huge amounts of information to learn patterns, make predictions, and improve their accuracy over time. Conventional data storage, however, is very costly. Newer technology makes it possible to query logs and other data quickly from ultra-cheap cold storage such as AWS S3. This means an AI-equipped SOC platform can rapidly access, process, and interpret huge amounts of data, and the same goes for the humans. As a CISO or VP of Security, you keep full control of your data with no vendor lock-in, while analysts get unlimited query capability and unlimited retention for compliance.
Everything moves faster
In the previous century, social interaction was much slower. If you wanted to reach someone, you had to call their landline, send a letter and wait days for a reply, or meet in person. Fast forward to 2025, and communication is instant and seamless thanks to instant messaging, social media, and AI-driven communication. The same transformation is happening in security operations. Conventional SOCs depend on manual triage, long investigations, complex SOAR configuration, and slow response times. With an AI-equipped SOC solution, however, analysts no longer need to sift through endless alerts or write remediation procedures by hand. AI automates triage, verifies actual threats, and proposes precise remediation, dramatically reducing workload and response time. AI is reshaping SOC operations, making security faster, smarter and more effective at scale.
In summary, SOC analysts are overwhelmed by alert volumes, manual triage, and escalating cyber threats, which leads to burnout and inefficiency. Meanwhile, threat actors are using AI to automate attacks, making them faster than ever. The good news is that the modern SOC has evolved with AI-driven triage, automated remediation, and natural-language data queries, so analysts can focus on actual threats instead of tedious processes. With AI, the SOC is getting faster, smarter and more scalable.
Interested in learning more? Download this guide to find out how to make your SOC more efficient, or take an interactive product tour to see the AI SOC analyst in detail.