Existing tools such as security information and event management (SIEM) and security orchestration, automation and response (SOAR) solutions may be used by a SOC, but that entity’s job is to see the big picture. Communication is critical to the mission.
“One of the things that we’ve seen is that in SOC teams and IT ops, there’s starting to be some sharing that’s created around silos,” said Larry Burke, principal and vice president for global security strategy at CDW.
But it’s not just IT professionals who need to talk; it’s organizational leaders. The state of security today is one of change management, not technology, Burke said: “Somebody is going to sign the check,” and that person needs plain-language insight that tools and data alone cannot provide.
Talent Drought? Automation to the Rescue
“I get asked all the time what the biggest threat in cybersecurity is now,” said Apollo Hernandez, security adviser at Splunk. “Some will say insider risk, others will say ransomware. I think it’s lack of people.” Hernandez’s insight is backed by his peers: 66 percent of security leaders say staffing is a challenge.
The SOC is part of the solution here, and the growth of SOC as a Service offerings reflects the reality that in-house talent is often unable to fill the gap. SIEM tools such as Splunk’s that offer holistic insight into other tools may also help organizations overcome their security staffing issues.