Other factors CISOs should consider when building a SOC
When building or maintaining an in-house SOC, experts flag other factors that CISOs should keep in mind. One question CISOs should ask themselves is, “Have you equipped your analysts to do their job effectively?” Paterra says. “If you have to enumerate, go and sit down and just look at what they’re doing from a day-in, day-out perspective. If they have 50 browser tabs, you can very easily say that your analysts are not in a position to do their job effectively.”
Pope recommends that organizations spend more time on detection engineering. “That is when you get those alerts, and you’re saying, these are false positives, or the tool shouldn’t have sent it. You [should tune] those alerts so you’re not repeating the same thing tomorrow, the next day, the day after that,” Pope says.
Moreover, AI is rapidly changing the face of security operations, which can radically improve detection engineering. “There’s real value in AI right now on upskilling and leveling up SOC analysts,” Pope says. “That’s here today. It will be there in the future. Maybe it’s not solving everything, but it is making analysts faster and better.”