{"id":4528,"date":"2023-05-24T17:29:06","date_gmt":"2023-05-24T21:29:06","guid":{"rendered":"https:\/\/solutionsreview.com\/security-information-event-management\/?p=4528"},"modified":"2024-07-15T11:23:19","modified_gmt":"2024-07-15T15:23:19","slug":"what-to-consider-when-building-an-autonomous-soc","status":"publish","type":"post","link":"https:\/\/solutionsreview.com\/security-information-event-management\/what-to-consider-when-building-an-autonomous-soc\/","title":{"rendered":"What to Consider When Building an Autonomous SOC"},"content":{"rendered":"

\"autonomous<\/p>\n

Solutions Review\u2019s\u00a0Contributed Content Series<\/u><\/a> is a collection of contributed articles written by thought leaders in enterprise software categories. <\/strong>Gunter Ollmann of Devo<\/a> offers a crash course on autonomous SOC, laying down the foundation on what to consider when building yours.<\/b><\/em><\/p>\n

Today\u2019s threat landscape demands more from IT and security professionals than ever before. Schools are being forced to shut down due to ransomware attacks, major brands are falling victim to reputation-harming data breaches, and an explosion of connected devices has broadened the attack surface. At the same time, cyber-criminals are getting smarter and savvier, developing new ways to evade detection software and make money.<\/p>\n

As cyber-criminals are getting more creative, the cybersecurity industry is improving and developing innovative solutions to protect businesses. Earlier this year, the FBI revealed it had turned the tables on the notorious Hive ransomware gang by secretly hacking the group\u2019s systems, saving $130 million in ransomware demands for more than 300 victims. Despite our best efforts, there are still elements holding us back as an industry and continuing to make organizations vulnerable to cyber-attacks. Prevention, monitoring, and mitigation all happen in the Security Operations Center (SOC), and, right now, SOCs are facing the perfect storm for cyber-crime: lack of visibility into complex operating environments, inability to analyze cloud-scale volumes of data, and an industry-wide shortage of cybersecurity talent. As a result, security professionals are experiencing widespread burnout and unrealistic workloads, which lowers their productivity and creates higher security risks.<\/p>\n

Autonomous SOC: Building Yours Right<\/strong><\/h2>\n
\n

A lot of the burnout security practitioners face is caused by alert fatigue. When alerts about potential cyber-attacks come in at a rate faster than SOC analysts can handle, analysts work longer hours and still miss important threats. To cut through the noise and focus on the attacks that matter most, SOCs need to take a cue from cyber-criminals and adapt to the current threat landscape: They need to start their journey to the autonomous SOC.<\/p>\n

Understanding the Autonomous SOC<\/strong><\/h3>\n

An autonomous SOC (ASOC) is composed of an artificial intelligence (AI) and\/or machine learning (ML) system that receives all of the data points coming in and assists with cybersecurity monitoring and mitigation. An ASOC is ideal for threat investigation since it can automatically detect suspicious activity, learn and correlate everything about the attack quickly, and provide analysts with the context they need to detect, isolate, and neutralize the attack easily and efficiently. The ASOC also filters out false negatives, allowing analysts to direct their focus on real threats and take immediate action.<\/p>\n

The ASOC helps alleviate many of the issues organizations face with their security posture \u2014 limited resources, overwhelmed analysts, and repetitive, monotonous tasks. AI and ML\u2019s ability to identify patterns and outliers boosts analysts with an actionable plan of prevention and mediation. An ASOC running in the background provides a much-needed extra layer of coverage to protect organizations, especially those dealing with understaffed SOCs due to recent layoffs throughout the tech industry.<\/p>\n

There are a lot of questions around autonomy and the SOC. Namely, will ASOCs replace human analysts? The short answer is no. Human and machine collaboration is necessary for success, especially regarding cybersecurity. ASOCs constantly evolve as they ingest data and assess new threats, which is why they will always need human analysts to create guardrails and provide feedback. ASOCs are designed to make analysts\u2019 jobs easier, not to steal them.<\/p>\n

What Organizations Should Consider Before Investing<\/strong><\/h3>\n

The ASOC is not a passing trend. It\u2019s where our industry is headed. IDC predicts that by 2026, 30 percent of large enterprise organizations will migrate to ASOCs for faster remediation, incident management, and response. Still, many executives misguidedly view the SOC as a department that exclusively costs the company money and does little \u2014 if anything \u2014 to drive revenue. As such, the shift to an ASOC may seem daunting or unrealistic to some organizations. Proponents of plans to build an ASOC might face pushback from others in the organization and need to justify the investment costs. The bottom line of an ASOC is to get more value out of the tools and workflows at the SOC\u2019s disposal. In the short-term, this means SOC analysts who are less burnt out, more engaged, and stay at the company longer. In the long-term, investments in cybersecurity save the company money in terms of reputational damage and customer loss if an attack or breach occurs.<\/p>\n

Another aspect to consider is timing. Ask yourself, “Is my organization ready for this transition?” Assess the maturity of the SOC and bring SOC analysts and leaders into the conversation. It\u2019s also important to note that moving to an ASOC doesn\u2019t have to be all or nothing; it\u2019s a journey.<\/p>\n

Keeping these elements in mind will help you to seamlessly transition to an automated SOC, the future of cybersecurity.<\/p>\n","protected":false},"excerpt":{"rendered":"

Solutions Review\u2019s\u00a0Contributed Content Series is a collection of contributed articles written by thought leaders in enterprise software categories. Gunter Ollmann of Devo offers a crash course on autonomous SOC, laying down the foundation on what to consider when building yours. Today\u2019s threat landscape demands more from IT and security professionals than ever before. Schools are […]<\/p>\n","protected":false},"author":679,"featured_media":4529,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[551,1],"tags":[2274,2276,2273,2272,1505,2275,172,282],"acf":[],"yoast_head":"\nWhat to Consider When Building an Autonomous SOC<\/title>\n<meta name=\"description\" content=\"Gunter Ollmann of Devo offers a crash course on autonomous SOC, laying down the foundation on what to consider when building yours.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/solutionsreview.com\/security-information-event-management\/what-to-consider-when-building-an-autonomous-soc\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"What to Consider When Building an Autonomous SOC\" \/>\n<meta property=\"og:description\" content=\"Gunter Ollmann of Devo offers a crash course on autonomous SOC, laying down the foundation on what to consider when building yours.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/solutionsreview.com\/security-information-event-management\/what-to-consider-when-building-an-autonomous-soc\/\" \/>\n<meta property=\"og:site_name\" content=\"Best Information Security SIEM Tools, Software, Solutions & Vendors\" \/>\n<meta property=\"article:published_time\" content=\"2023-05-24T21:29:06+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-07-15T15:23:19+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2023\/05\/What-to-Consider-When-Building-an-Autonomous-SOC.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"800\" \/>\n\t<meta property=\"og:image:height\" content=\"400\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Gunter Ollmann\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Gunter Ollmann\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/what-to-consider-when-building-an-autonomous-soc\/\",\"url\":\"https:\/\/solutionsreview.com\/security-information-event-management\/what-to-consider-when-building-an-autonomous-soc\/\",\"name\":\"What to Consider When Building an Autonomous SOC\",\"isPartOf\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/what-to-consider-when-building-an-autonomous-soc\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/what-to-consider-when-building-an-autonomous-soc\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2023\/05\/What-to-Consider-When-Building-an-Autonomous-SOC.jpg\",\"datePublished\":\"2023-05-24T21:29:06+00:00\",\"dateModified\":\"2024-07-15T15:23:19+00:00\",\"author\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/670b31c546fda6f6fe92f4afc388649c\"},\"description\":\"Gunter Ollmann of Devo offers a crash course on autonomous SOC, laying down the foundation on what to consider when building yours.\",\"breadcrumb\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/what-to-consider-when-building-an-autonomous-soc\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/solutionsreview.com\/security-information-event-management\/what-to-consider-when-building-an-autonomous-soc\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/what-to-consider-when-building-an-autonomous-soc\/#primaryimage\",\"url\":\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2023\/05\/What-to-Consider-When-Building-an-Autonomous-SOC.jpg\",\"contentUrl\":\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2023\/05\/What-to-Consider-When-Building-an-Autonomous-SOC.jpg\",\"width\":800,\"height\":400,\"caption\":\"autonomous SOC\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/what-to-consider-when-building-an-autonomous-soc\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/solutionsreview.com\/security-information-event-management\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"What to Consider When Building an Autonomous SOC\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#website\",\"url\":\"https:\/\/solutionsreview.com\/security-information-event-management\/\",\"name\":\"Best Information Security SIEM Tools, Software, Solutions & Vendors\",\"description\":\"Buyer's Guide and Best Practices\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/solutionsreview.com\/security-information-event-management\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/670b31c546fda6f6fe92f4afc388649c\",\"name\":\"Gunter Ollmann\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/fe8b7c63e611afb195f74fcb302d8450?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/fe8b7c63e611afb195f74fcb302d8450?s=96&d=mm&r=g\",\"caption\":\"Gunter Ollmann\"},\"description\":\"Gunter Ollmann drives product and security strategy as Devo\u2019s CTO; leading product management, security research, data science, and cybersecurity operations teams. He has more than three decades of information security experience from several cybersecurity consulting and research roles. Prior to Devo, Gunter spent more than four years as CSO protecting Azure customers and leading cross-pillar security strategy for the Cloud and AI security groups at Microsoft. Prior to Microsoft, he was CSO at Vectra AI, driving new threat research and innovation into machine learning and AI-based threat detection of insider threats. Gunter also served as chief security strategist at IBM, where he built and led the well-known and highly regarded X-Force team. He previously held chief technology officer roles at cybersecurity companies, including NCC Group, IOActive, and Damballa.\",\"url\":\"https:\/\/solutionsreview.com\/security-information-event-management\/author\/gollmann\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"What to Consider When Building an Autonomous SOC","description":"Gunter Ollmann of Devo offers a crash course on autonomous SOC, laying down the foundation on what to consider when building yours.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/solutionsreview.com\/security-information-event-management\/what-to-consider-when-building-an-autonomous-soc\/","og_locale":"en_US","og_type":"article","og_title":"What to Consider When Building an Autonomous SOC","og_description":"Gunter Ollmann of Devo offers a crash course on autonomous SOC, laying down the foundation on what to consider when building yours.","og_url":"https:\/\/solutionsreview.com\/security-information-event-management\/what-to-consider-when-building-an-autonomous-soc\/","og_site_name":"Best Information Security SIEM Tools, Software, Solutions & Vendors","article_published_time":"2023-05-24T21:29:06+00:00","article_modified_time":"2024-07-15T15:23:19+00:00","og_image":[{"width":800,"height":400,"url":"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2023\/05\/What-to-Consider-When-Building-an-Autonomous-SOC.jpg","type":"image\/jpeg"}],"author":"Gunter Ollmann","twitter_misc":{"Written by":"Gunter Ollmann","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/what-to-consider-when-building-an-autonomous-soc\/","url":"https:\/\/solutionsreview.com\/security-information-event-management\/what-to-consider-when-building-an-autonomous-soc\/","name":"What to Consider When Building an Autonomous SOC","isPartOf":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#website"},"primaryImageOfPage":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/what-to-consider-when-building-an-autonomous-soc\/#primaryimage"},"image":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/what-to-consider-when-building-an-autonomous-soc\/#primaryimage"},"thumbnailUrl":"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2023\/05\/What-to-Consider-When-Building-an-Autonomous-SOC.jpg","datePublished":"2023-05-24T21:29:06+00:00","dateModified":"2024-07-15T15:23:19+00:00","author":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/670b31c546fda6f6fe92f4afc388649c"},"description":"Gunter Ollmann of Devo offers a crash course on autonomous SOC, laying down the foundation on what to consider when building yours.","breadcrumb":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/what-to-consider-when-building-an-autonomous-soc\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/solutionsreview.com\/security-information-event-management\/what-to-consider-when-building-an-autonomous-soc\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/what-to-consider-when-building-an-autonomous-soc\/#primaryimage","url":"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2023\/05\/What-to-Consider-When-Building-an-Autonomous-SOC.jpg","contentUrl":"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2023\/05\/What-to-Consider-When-Building-an-Autonomous-SOC.jpg","width":800,"height":400,"caption":"autonomous SOC"},{"@type":"BreadcrumbList","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/what-to-consider-when-building-an-autonomous-soc\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/solutionsreview.com\/security-information-event-management\/"},{"@type":"ListItem","position":2,"name":"What to Consider When Building an Autonomous SOC"}]},{"@type":"WebSite","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#website","url":"https:\/\/solutionsreview.com\/security-information-event-management\/","name":"Best Information Security SIEM Tools, Software, Solutions & Vendors","description":"Buyer's Guide and Best Practices","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/solutionsreview.com\/security-information-event-management\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/670b31c546fda6f6fe92f4afc388649c","name":"Gunter Ollmann","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/fe8b7c63e611afb195f74fcb302d8450?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/fe8b7c63e611afb195f74fcb302d8450?s=96&d=mm&r=g","caption":"Gunter Ollmann"},"description":"Gunter Ollmann drives product and security strategy as Devo\u2019s CTO; leading product management, security research, data science, and cybersecurity operations teams. He has more than three decades of information security experience from several cybersecurity consulting and research roles. Prior to Devo, Gunter spent more than four years as CSO protecting Azure customers and leading cross-pillar security strategy for the Cloud and AI security groups at Microsoft. Prior to Microsoft, he was CSO at Vectra AI, driving new threat research and innovation into machine learning and AI-based threat detection of insider threats. Gunter also served as chief security strategist at IBM, where he built and led the well-known and highly regarded X-Force team. He previously held chief technology officer roles at cybersecurity companies, including NCC Group, IOActive, and Damballa.","url":"https:\/\/solutionsreview.com\/security-information-event-management\/author\/gollmann\/"}]}},"_links":{"self":[{"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/posts\/4528"}],"collection":[{"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/users\/679"}],"replies":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/comments?post=4528"}],"version-history":[{"count":0,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/posts\/4528\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/media\/4529"}],"wp:attachment":[{"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/media?parent=4528"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/categories?post=4528"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/tags?post=4528"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}