CIO OPINION
This should lead to greater focus on analyst workload, which is long overdue. Currently, organisations lack an appropriate method of calculating analyst workload: the majority of survey respondents say their SOC doesn't calculate it at all, and the next most common answer is a basic time-per-ticket method. With 83% of SOCs operating 24 by 7, and the majority of these delivering that capability through in-house resources, managing workload is important to maintain team wellbeing.
As the workforce embarks on the "great resignation", all the above factors should sound warning bells, alerting employers that they need to develop and protect their employees if they want to retain them.
Automation and data context drive efficiency
Another efficient way to mitigate the impact of escalating workloads on the SOC is through automation and orchestration, and here teams are also struggling. Automation and orchestration were only just behind skills shortages as the most significant challenge facing SOCs.
When you are short of staff and skills, it is critical that mundane, repetitive and low-value tasks are automated as far as possible, freeing analysts to focus on higher-value activities that reduce time to detection and response and are more individually fulfilling. It also helps teams meet performance objectives and handle the escalating volume of alerts.
There are some quick wins that can be implemented here. The study cites one respondent that has successfully deployed a portal integrating dozens of data sources, which enabled consolidation of information from across the business. This resulted in a 25% reduction in Level 0 to Level 2 response times.
Several respondents cited the lack of context around the data they are seeing as a major barrier to operating an efficient SOC. The SOC of the future will be increasingly data-driven, ingesting information from multiple sources within and outside the enterprise, but data without context or relevance simply overwhelms analysts.
This is a challenge ThreatQuotient has addressed in the latest iteration of our ThreatQ platform. It incorporates a DataLinq Engine for connecting disparate systems and sources to enable XDR, along with Smart Collections for driving automation, plus an enhanced ThreatQ Data Exchange for bi-directional sharing of data, context and threat intelligence. It allows teams to be more thorough in their investigations, collaboration, response and reporting – which is particularly critical in a remote working environment – and results in more efficient, effective operations. The benefits are measurable in terms of time savings and FTEs gained, improved risk management and greater confidence when detecting and responding to an event.
Supporting the SOC of the future
As SOCs look to the next phase, focusing on people, data and the technology that enables the two to work effectively together is key. By balancing automation, to allow machine-based support where possible, with the right tooling for human analysts, SOCs can drive improvements while also keeping analysts engaged and giving them more time to upskill into key areas such as threat hunting.
46 INTELLIGENTCIO MIDDLE EAST www.intelligentcio.com