Help is on the Way: How Automation Will Boost SOC Performance and Reduce Analyst Burnout

October 28, 2022

  • Security professionals cite emerging technologies such as artificial intelligence, advanced analytics and machine learning as key to staying ahead of the volume and severity of cyberattacks.
  • Workflow automation and implementing advanced analytics are needed to help overworked SOC analysts focus on delivering positive security outcomes.



The SOC is the engine that protects organizations worldwide today. Its core mission remains to help the enterprise manage cyber risk, but what is changing is the mechanics of the operation.


For example, cloud adoption significantly broadened the enterprise footprint in recent years. Data and applications that resided in on-premises servers are now scattered in cloud systems and data centers — sometimes in different parts of the world.


It's clear that a new SOC model is required for organizations to stay ahead of the exponential increase in data, the volume and severity of cyberattacks and the continued shortage of skilled analysts. What’s coming? Automation.


A global survey of more than 1,000 security professionals report that emerging technologies such as workflow automation, artificial intelligence, advanced analytics and machine learning as keys to staying ahead of the volume and severity of cyberattacks. Almost 40% from the survey say workflow automation and implementing advanced analytics are needed to help overworked SOC analysts focus on their top priority: delivering positive security outcomes.


Based on survey feedback, the new SOC model going forward needs to:


  • Deliver complete visibility, automation and analytics, along with access to the latest community expertise, content and threat intelligence
  • Integrate seamlessly with security and IT tools
  • Enable SOC leaders to automate triage, investigation and hunting
  • Deliver fast, effective detection and incident response to resolve threats on large-scale, cloud-first infrastructures


Defining and measuring security visibility across every aspect of your IT infrastructure is crucial to keeping data out of cybercriminals’ hands. Security visibility requires cloud-scale SIEM capabilities for data ingestion, high-performance query capabilities and an intuitive user interface for security operations processes.


These combined capabilities will enable overburdened SOC analysts, who are burning out from the pressures of their work, to focus on the most critical issues so they can perform faster, more effective incident response and detection to resolve threats decisively.


For example, deploying AI-driven automation to handle the repetitive tasks of reviewing alerts will free analysts to focus on hunting, investigating and responding to the threats that matter most to their business. This will make their work more fulfilling, improve SOC team morale and alleviate analyst burnout.


Automating routine tasks gives Tier-1 analysts more time for training and development. It enables them to collaborate with experienced colleagues on the critical work of identifying and stopping the most dangerous threats. Organizations get a team of better-trained, more experienced analysts who have greater job satisfaction. This means they’re more likely to stay with the organization long-term because they know they’re making a meaningful contribution to its success.


The SOC of the future still will perform its primary function — but in a different way. The next-gen SOC is going to reinvent how security teams work by delivering complete visibility, analytics and access to the latest expertise and content.

Gary Pelczar
Global Alliance Lead | Devo
Gary Pelczar leads global alliances for Devo, the only cloud-native logging and security analytics platform that releases the full potential of an organization's data to empower bold, confident action. He is responsible for defining and executing Devo's strategy for growing the company's channel sales. Gary joined Devo from Exostar where he was head of business development and channel and built new routes to market that helped Exostar expand into new territories. Earlier, he spent more than 15 years in the security industry building out partner ecosystems for small startups in new market segments as well as large organizations such as the former Computer Associates (CA), now Broadcom. Gary’s channel and business development experience with large and small companies, combined with having run product management teams, gives him a unique and broad perspective on the critical importance of product strategy and indirect routes to market for a company’s growth and success.