The evolution of security analyst experience


Cloud computing and IT modernization have created a more complex threat landscape, and security analysts are struggling to keep up. Security operations centers (SOCs) are in need of an upgrade. The proliferation of cloud and hybrid environments simply creates more to protect, said Andie Schroeder, program director of product management at IBM Security, at RSAC 2023.


As the threat landscape expands, it is taking longer to discover possible cyber incidents. In an IBM study, nearly half of the respondents said the average time to detect and respond to a security incident has increased over the past two years, and SOC teams stated they spend about a third of their typical workday investigating incidents that are false positives or low priority.


And today’s SecOps doesn’t always serve analysts well. It focuses on technology and relies on tools rather than on the human element of cybersecurity. At the same time, the skills shortage has burdened SecOps teams with more work and fewer employees. It doesn’t help, either, that security efforts are often isolated, with analysts working in a closed ecosystem.


It’s little wonder that analysts are overwhelmed. The solution is to move from a siloed security approach to a unified security environment.


Recognizing the challenges in the SOC


Before you can fix a problem, you have to identify your greatest challenges. According to Schroeder, these are the four biggest problems facing the SOC today:


1. Poor visibility. Two out of three organizations say their attack surface has expanded in the last year. A growing lack of visibility creates blind spots that attackers can then exploit.


2. Dis ..