It’s Time to Move Toward the Autonomous SOC

August 31, 2021

  • Security Operations Center (SOC) teams face an ever-growing number and variety of challenges: sophisticated threat actors, more alerts to sift through than there are hours in the day and the burnout of SOC analysts who are working hard to keep pace
  • Those challenges, combined with an explosion of organizational data that needs to be protected, require a new type of SOC

What Is Needed?

The SOC of the future will continue to perform the same critical functions it does today. But the work will be done differently. A new SOC model is essential to enable organizations to stay ahead of the exponential increase in data, the continued shortage of skilled analysts and the volume and severity of cyberattacks. This new model — the autonomous SOC — must enable teams to focus on their top priority: delivering positive security outcomes.

How Will the Autonomous SOC Work?

All technologies must evolve to meet changing environments and user needs, and SOCs are no exception. The key to the autonomous SOC is successfully deploying automation driven by artificial intelligence (AI) to handle the repetitive task of reviewing alerts to determine which require action.

When that happens, analysts will focus on hunting, investigating and responding to threats, using their skills and experience to perform in-depth analyses of threats and how to eradicate them. This will make organizations more secure and less vulnerable to sophisticated attacks.

The autonomous SOC will:

  • Deliver complete visibility, automation and analytics to SOC teams
  • Provide analysts with access to the latest community expertise, content and threat intelligence
  • Integrate seamlessly with other security and IT tools
  • Deliver fast, effective detection and incident response to resolve threats on large-scale, cloud-first infrastructures

What Benefits Will It Deliver?

The autonomous SOC will deliver numerous benefits for SOC leaders and analysts as well as the organizations they serve.

For SOC leaders:

  • SOC teams will easily ingest all of the organization’s data from any infrastructure and applications, giving security teams full visibility across the entire attack surface.
  • Combining detection, investigation, hunting, automation and forensic analysis into a single easy-to-use platform will help security teams respond to threats quickly and decisively.
  • Access to a community-based content marketplace will extend security teams’ capabilities and make it easy for analysts to expand their expertise by leveraging communities across a wide range of use cases.

For SOC analysts:

  • Analytics, AI and machine learning (ML) will alleviate alert fatigue by improving alert quality: sifting through all of the data to distinguish low-impact from high-impact alerts, detect threats before they become breaches and identify attacks before they cause damage.
  • Burnout will be reduced by automating triage, investigation and hunting. Automation will also deliver fast, effective detection and incident response to rapidly resolve threats, whether on-prem or in the cloud.
  • Analysts will evolve from being risk commentators to becoming risk advisors. This will elevate analysts as business experts who apply their knowledge to deliver exceptional outcomes.

With each step toward the autonomous SOC, security teams move closer to giving their organizations a more comprehensive, valuable and resilient security posture than has ever been possible. It’ll be fascinating to see where it leads and how it improves all aspects of organizational cybersecurity.

Gary Pelczar
Global Alliance Lead | Devo
Gary Pelczar leads global alliances for Devo, the only cloud-native logging and security analytics platform that releases the full potential of an organization's data to empower bold, confident action. He is responsible for defining and executing Devo's strategy for growing the company's channel sales. Gary joined Devo from Exostar where he was head of business development and channel and built new routes to market that helped Exostar expand into new territories. Earlier, he spent more than 15 years in the security industry building out partner ecosystems for small startups in new market segments as well as large organizations such as the former Computer Associates (CA), now Broadcom. Gary’s channel and business development experience with large and small companies, combined with having run product management teams, gives him a unique and broad perspective on the critical importance of product strategy and indirect routes to market for a company’s growth and success.