PAC Predictions 2021: Automated SOCs – as cyber security capabilities become the main source of C-Suite focus, expect to see automated SOCs
With automation touching on every aspect of the modern enterprise, it is no surprise to see more examples of the technology applied in a cyber security context. Security operations centers (SOCs) are key assets for enterprise cyber security, playing a vital role as the cyber security control tower. SOCs are based on the analysis of events and, as with most analytical tools, the more events they can analyze, the better they are.
Cheap cloud compute power combined with AI operating in near real time produces very efficient SOCs that use machine learning and are capable of contextual and behavioral analysis. Attack modeling in a complex environment, which involves determining which systems, people, and processes have access to valuable information, is an important component of advanced SOCs. The key differentiator of a more “intelligent” SOC will be its ability to assess risks instantly and vary its responses accordingly. The advanced SOC will employ machine learning to identify high-risk events and then automatically initiate remediation activities.
Many organizations face an increase in attacks and security-related incidents but cannot find enough new employees to adequately address the threats. Service providers face the same challenge. For many of them, the time is therefore right to consider using AI for monitoring and other standard tasks, including mitigation proposals, freeing up their human analysts for complex and tricky tasks.
PAC expects the market for AI in SOCs to ramp up quickly in the next 6+ months, for solution providers, managed service providers, consultants, and system integrators.