Andesite’s Chief Product Officer, William MacMillan, argues in SC Media that attempts to automate the Security Operations Center (SOC) have so far failed.
Almost 20 years since the rise of the SIEM, and 10 years after SOAR platforms first hit the market, SOCs are still struggling. Analysts are drowning in an “everywhere data” environment, struggling to interpret, prioritize, and respond to seemingly never-ending indicators as close as possible to the speed of threat. Many companies run more than 100 different security tools, forcing analysts to bounce between screens and portals, each with its own query language, while trying to piece together a cohesive investigative narrative. SOC leaders face mounting pressure to deliver on metrics and prove ROI on their growing security budgets.