Hi community members,
We would like to hear your insights on the latest trends in SOC. What are you seeing in the field or forecasting?
Please share your opinions on how these trends are going to influence the future of the relevant tools and solutions used in SOC.
Thanks!
- Decentralization: SOC analysts do not sit in one room; they do not even work for one company or in the same country.
- More threat intelligence: better TI feeds with more precise IOCs.
- Greater mandates: SOCs are increasingly mandated to isolate or shut down entire infrastructures. It is not a matter for the C-level anymore.
Evgeny,
My personal experience tells me that SOC will be driven by next-generation platforms that can enable multiple use cases instead of just SIEM. The current SOC with a SIEM approach lacks the following aspects:
1. A data architecture platform that is not built on top of Big Data, which significantly hampers the way data is processed and correlated.
2. Capabilities to do anomaly detection to screen out the majority of the noise that is being detected.
3. Capabilities to do User and Entity Behavioural Analysis to map against insider threats.
4. Capabilities to do threat hunting easily.
We are looking towards an elaborate platform that can perform all these functions in a simple yet robust architecture. If you instead focus on SIEM to solve all the SOC problems, you will then have to invest in many different solutions to provide those lacking capabilities, and managing disparate platforms in a SOC has proven to be very challenging.
Now the trend is shifting towards an Open Platform for Detection and Response, as all of these capabilities can be built into a single platform, with of course a significant reduction in the cost of investment. AI is utilized to reduce the gap in skillsets required to manage and operate the SOC, leading to more effective use of human resources for managing more complex threat detection.
I personally recommend SOC platforms like Stellarcyber.ai.
Security operations center (SOC) technology has been moving towards greater automation and machine learning (ML) in the last few years. The rapid evolution of cyber threats and the expansion of the attack surface are also pushing SOCs towards focusing on efficient threat detection.
The following are the latest SOC trends shaping the industry:
User and entity behavior analysis (UEBA) – Behavioral analytics is gaining popularity among SOC experts because attackers still cannot accurately mimic user and system behavior. Powered by machine learning technology, UEBA cuts through the noise and speeds up threat detection.
Building hybrid SOCs with outside help – More and more modern SOCs are reaching out to third-party security service providers to reduce the pressure on their internal teams. The cybersecurity skills shortage, a barrage of alerts, response fatigue, and a large attack surface have motivated organizations to work with external cybersecurity experts. Hybrid SOCs are also more cost-efficient and scalable.
Cloud-native SOC strategy – The global shift towards cloud computing has introduced newer, more challenging cyber threats. Cloud-based systems need a cloud-native security strategy for comprehensive security. The era of SOCs confined within the walls of a data center has passed. Modern SOCs are remote, agile, and cloud-based.
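Two of the replies above (the wish list of anomaly detection, UEBA and threat hunting, and the point that attackers cannot accurately mimic user behaviour) describe the same mechanism: learn what is normal per user and entity, then score new activity by its deviation. The following is an added example, not code from the original thread or from any product named in it, that runs that idea over a constructed authentication log. The key=value log format, the weights, the 3x failure threshold and the user names are all assumptions chosen for illustration.

```python
"""Toy UEBA baseline detector (added example, constructed data only).

Learn each user's normal login behaviour (hours, source IPs, geolocations,
failure rate) from a history window, then score a batch of new events by how
far they deviate. Weights and thresholds are illustrative assumptions.
"""
from collections import Counter, defaultdict
from dataclasses import dataclass, field
from datetime import datetime

# Constructed sample auth log in a made-up key=value format (not any real product).
HISTORY = """\
2024-03-01T08:12:00 user=alice src=10.0.1.20 geo=DE result=success
2024-03-01T17:40:00 user=alice src=10.0.1.20 geo=DE result=success
2024-03-02T09:05:00 user=alice src=10.0.1.20 geo=DE result=success
2024-03-03T08:55:00 user=alice src=10.0.1.20 geo=DE result=failure
2024-03-03T08:56:00 user=alice src=10.0.1.20 geo=DE result=success
2024-03-01T09:30:00 user=bob src=10.0.2.5 geo=US result=success
2024-03-02T10:15:00 user=bob src=10.0.2.5 geo=US result=success
2024-03-03T18:02:00 user=bob src=10.0.2.7 geo=US result=success
"""

# Constructed batch to score: one impossible-looking login, one new IP, one
# failure burst, and one user with no history at all.
NEW_EVENTS = """\
2024-03-04T03:14:00 user=alice src=203.0.113.9 geo=RU result=success
2024-03-04T09:01:00 user=alice src=10.0.1.21 geo=DE result=success
2024-03-04T10:00:00 user=bob src=10.0.2.5 geo=US result=success
2024-03-04T10:00:05 user=bob src=10.0.2.5 geo=US result=failure
2024-03-04T10:00:06 user=bob src=10.0.2.5 geo=US result=failure
2024-03-04T10:00:07 user=bob src=10.0.2.5 geo=US result=failure
2024-03-04T10:00:08 user=bob src=10.0.2.5 geo=US result=failure
2024-03-04T10:00:09 user=bob src=10.0.2.5 geo=US result=failure
2024-03-04T11:00:00 user=carol src=10.0.3.3 geo=US result=success
"""


@dataclass
class Event:
    ts: datetime
    user: str
    src: str
    geo: str
    result: str


@dataclass
class Baseline:
    hours: set = field(default_factory=set)          # login hours observed
    geos: Counter = field(default_factory=Counter)   # country codes observed
    srcs: Counter = field(default_factory=Counter)   # source IPs observed
    days: set = field(default_factory=set)
    failures: int = 0

    def failures_per_day(self) -> float:
        return self.failures / max(1, len(self.days))


def parse_line(line: str) -> Event:
    ts, *pairs = line.split()
    f = dict(p.split("=", 1) for p in pairs)
    return Event(datetime.fromisoformat(ts), f["user"], f["src"], f["geo"], f["result"])


def parse_log(text: str) -> list[Event]:
    return [parse_line(l) for l in text.splitlines() if l.strip()]


def build_baseline(events: list[Event]) -> dict[str, Baseline]:
    base: dict[str, Baseline] = defaultdict(Baseline)
    for e in events:
        b = base[e.user]
        b.hours.add(e.ts.hour)
        b.geos[e.geo] += 1
        b.srcs[e.src] += 1
        b.days.add(e.ts.date())
        if e.result == "failure":
            b.failures += 1
    return dict(base)


def score_event(base: dict[str, Baseline], e: Event) -> tuple[int, list[str]]:
    """Return (score, reasons). Weights are assumptions: a new country is the
    strongest single signal; a new IP or an unusual hour alone is weak evidence."""
    b = base.get(e.user)
    if b is None:
        return 2, ["no baseline for user"]
    hits = []
    if e.geo not in b.geos:
        hits.append((2, f"new geo {e.geo}, baseline {sorted(b.geos)}"))
    if e.src not in b.srcs:
        hits.append((1, f"new source {e.src}"))
    if not any(abs(e.ts.hour - h) <= 1 for h in b.hours):   # +/-1h tolerance
        hits.append((1, f"off-hours login at {e.ts.hour:02d}:00, baseline hours {sorted(b.hours)}"))
    return sum(w for w, _ in hits), [r for _, r in hits]


def detect(history: str, batch: str, threshold: int = 3) -> list[dict]:
    base = build_baseline(parse_log(history))
    events = parse_log(batch)
    alerts = []
    for e in events:
        score, reasons = score_event(base, e)
        if score >= threshold:
            alerts.append({"kind": "anomalous-login", "user": e.user,
                           "ts": e.ts.isoformat(), "score": score, "reasons": reasons})
    # Batch-level check: a burst of failures well above the user's usual daily rate.
    fails = Counter(e.user for e in events if e.result == "failure")
    for user, n in fails.items():
        usual = base[user].failures_per_day() if user in base else 0.0
        if n >= max(3, 3 * usual):   # assumption: 3x normal, and at least 3
            alerts.append({"kind": "failure-burst", "user": user, "ts": None,
                           "score": n, "reasons": [f"{n} failures vs {usual:.2f}/day baseline"]})
    return alerts


if __name__ == "__main__":
    for a in detect(HISTORY, NEW_EVENTS):
        print(a["kind"], a["user"], a["score"], "; ".join(a["reasons"]))
```

On the constructed batch this raises two alerts and suppresses the rest: alice's 03:14 login from a new country and a new address scores 4 (new geo, new source, off-hours) and is reported, her later login from a new internal address scores only 1, bob's five rapid failures trip the batch-level burst check against a baseline of zero failures per day, and carol is flagged as having no baseline but stays under the threshold. The point a practitioner should take from it is that each alert carries the reasons that produced it, which is what makes the output huntable rather than just a score.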
Hi,
UEBA, AI and ML.