When SOCs never stop: How to fill the intelligence gaps in security - Help Net Security

When SOCs never stop: How to fill the intelligence gaps in security - Help Net Security

Demand for security analysts and security operations centre experts is high – so high that Frost and Sullivan found only two percent unemployment in the sector and that demand continues outstrip the supply of newly skilled professionals. (ISC)² suggests that the number of skilled professionals will have to grow from 2.8 million worldwide to 4.07 million to close the skills gap.



All these roles will require the right skills and the right data. Alongside filling those positions effectively, supplying the right insight on what is taking place will be essential. Without the right level of insight, these roles can easily be overwhelmed by the sheer volume of alerts and false positives.


Filling the security information


The main problem is that there is so much information coming into the SOC continuously that keeping up is a near-impossible task. Without the right approach in place, it becomes easy for analysts to be overwhelmed by the wrong kinds of signals.


Filling the information gap therefore involves looking at how to make the most of the data that is coming in, without paralyzing the process or relying on manual intervention. While artificial intelligence and machine learning have been suggested as routes to achieving this, in reality they will only be part of the approach. Achieving the right security posture will instead involve looking at the data, the analysis and the real-time requirements together.


Typically, security teams use alerting and information from their tools to flag suspicious activity that is taking place. This data tends to flow int ..