As well as the common use of AI and ML when addressing threat detection, 89% of SOCs expect to use or acquire a Security Orchestration and Automated Response (SOAR) tool within the next 12 months, according to Micro Focus‘s 2020 State of Security Operations report.
The cloud has also proved useful, with 96% of organisations using the cloud for IT security operations, while on average, nearly two-thirds of their IT security operations software and services are already deployed in the cloud.
During the Covid-19 pandemic, the biggest challenge that SOCs have faced, according to the research, has been the increased volume of cyber threats and security incidents; this was cited by 45% of respondents.
Another commonly cited security challenge was higher risks due to workforce usage of unmanaged devices (40%), with many employees resorting to using personal devices for work while operating remotely.
In addition, one in three respondents identified prioritising security incidents and monitoring security across a growing attack surface as severe SOC setbacks, while 90% of organisations are relying on the MITRE ATT&CK framework as a must-use tool for understanding attack techniques.
Use cases for AI and ML in cyber security
“The odds are stacked against today’s SOCs: more data, more sophisticated attacks, and larger surface areas to monitor,” said Stephan Jou, Interset CTO at Micro Focus. “However, when properly implemented, AI technologies, such as unsupervised machine learning, are helping to fuel next-generation security operations, as evidenced by this year’s report.
“We’re observing more and more enterprises discovering that AI and ML can be remarkably effective and augment advanced threat detection and response capabilities, thereby accelerating the ability of SecOps teams to better protect the enterprise.”
Ramsés Gallego, security, risk & governance international director at Micro Focus, commented: “Equipping security teams with the correct tools and frameworks to effectively deal with an expanding attack surface should be a top priority for every enterprise. But it doesn’t stop there.
“Looking ahead, it will be more important than ever that cyber security professionals receive the correct training and guidance on how to utilise these tools properly and identify the relevant information within frameworks such as MITRE ATT&CK.
“Only then can organisations be confident that they are in the best position to detect and guard their IT ecosystem against cyber threats – and able to protect their teams against burnout in the process.”
The Micro Focus survey was promoted via email to 410 security operations professionals in the United States, United Kingdom, Germany, India, and Japan in August 2020.
