When automation is balanced between humans and machines, we can ensure teams always have the best tool for the job
As Security Operations Centers (SOCs) narrow the focus of their mission to become detection and response organizations, they need three core capabilities in place to build the SOC of the future. I’ve talked about the first two already – a data-driven approach to security and an open integration architecture. When security is data-driven, teams have the context to focus on relevant, high-priority issues, make the best decisions and take the right actions. Data-driven security also provides a continuous feedback loop, so that teams can capture and use data to improve future analysis. An open integration architecture enables data to flow throughout the infrastructure and ensures that systems and tools can work together.
The third building block for the SOC is automation. Some people talk about automating everything within a SOC; however, that can lead to many challenges. A balanced approach to automation is needed, because SOCs are nothing without the expert analysts who run them. Balancing automation with human intelligence and analysis allows teams to always have the best tool for the job. Repetitive, low-risk, time-consuming tasks are prime candidates for automation, while human analysts take the lead on irregular, high-impact, time-sensitive investigations, with automation simplifying some of the work.