Last week I had a great chat on The Future of SOC with a major vendor. We discussed where we see things going in SecOps, and how work is going to evolve for SOC teams in the coming years. It was very interesting and has had me pondering ever since, so I’m going to list some discussion points here:
– Autonomous SOC is coming, no doubt about it.
– AI is not THERE today and is likely still too expensive but it will be there soon™.
– AI is going to take away a lot of the ‘grunt’ work – triage, known false positives, query writing.
– AI from the big vendors is at different levels. Some great at some things, some kinda helpful, some trash.
– Analysts will have to focus more on threat hunting, prompt engineering, playbooks, automations, and detection engineering.
– Analysts will have to be more proactive in programme maturity discussions – WHERE are we at, WHERE do we want to go, HOW are we going to get there.
– Threat intelligence requires EVERYONE to contribute findings.
– SOC team dynamics are about to be shaken up.
– Exciting times ahead.
I’ve assessed AI offerings from Palo Alto Networks, Elastic, Google, and Microsoft recently. Some things are ready to help us in SecOps right now, especially in micro-SOC or internal SOC. If you’re interested in knowing more then I’m always available for a chat.
Stay safe ✌️