Why a ‘Paradigm Shift’ is Required in the SOC


Nat Smith of Gartner on New Skillset Needed for Investigations

Nat Smith, senior director, analyst, Gartner

False positives continue to be a challenge for SOC analysts. Nat Smith, senior director analyst at Gartner, the global research and advisory company, is calling for a “paradigm shift” in the SOC. “Over the last few years … we’ve become embroiled with the concept of false positives as a means to distinguish which vendor is better than which,” he says.


“Rather than looking at the individual players, or the individual setting,” Smith states, analysts need to look at the “bigger picture.” “That’s what needs to change, and that’s a different kind of a skillset,” he says.

Smith calls for “an infrastructure change” in the SOC. “Fundamentally, instead of looking at an alert that comes in and validating whether or not that alert is accurate … we need to look at the full scale, everything else that we would expect, and look to see if we see some of these clues. That’s the starting point. If we see some of these other clues, it starts to validate this is a real activity, a real sequence that’s starting to happen,” he says.
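The shift Smith describes, from validating one alert in isolation to asking whether the other clues an intrusion sequence would leave are also present, can be expressed as detection logic. The following is an added illustration, not code from the article or from Gartner: it takes an encoded-PowerShell alert, looks on the same host within a time window for the other stages one would expect around it (an Office process spawning a shell, a first-seen domain lookup, periodic outbound traffic, a credential-access event, a new remote logon pair), and rates the alert by how many of those corroborating clues appear. The event sources, stage names, hostnames, timestamps and the threshold of two clues are all assumptions chosen for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Event:
    """One normalised telemetry record from any SOC data source."""
    ts: datetime
    host: str
    source: str   # assumed source labels: "edr", "dns", "proxy", "auth"
    kind: str     # assumed normalised event type


# The "everything else we would expect" around an encoded-PowerShell alert:
# stages of one plausible intrusion sequence, each as a predicate over events.
# The stage names and the event kinds they match are assumptions for this example.
EXPECTED_CLUES = {
    "office_spawned_shell": lambda e: e.source == "edr" and e.kind == "office_child_process",
    "new_domain_lookup":    lambda e: e.source == "dns" and e.kind == "newly_seen_domain",
    "outbound_beacon":      lambda e: e.source == "proxy" and e.kind == "periodic_outbound",
    "credential_access":    lambda e: e.source == "edr" and e.kind == "lsass_read",
    "lateral_logon":        lambda e: e.source == "auth" and e.kind == "remote_logon_new_pair",
}


def corroborate(alert, events, window=timedelta(hours=2)):
    """Return the names of expected clues seen on the alert's host within +/- window."""
    lo, hi = alert.ts - window, alert.ts + window
    nearby = [e for e in events
              if e.host == alert.host and lo <= e.ts <= hi and e is not alert]
    return {name for name, pred in EXPECTED_CLUES.items() if any(pred(e) for e in nearby)}


def triage(alert, events, window=timedelta(hours=2), threshold=2):
    """Rate an alert by corroboration rather than by the alert's own accuracy.

    Returns (verdict, sorted list of clues found). The threshold is an assumption.
    """
    found = corroborate(alert, events, window)
    verdict = "investigate" if len(found) >= threshold else "low_confidence"
    return verdict, sorted(found)


# Constructed sample telemetry (not real data): the same alert type fires on two
# hosts. ws-017 shows the surrounding sequence; ws-042 shows the alert alone.
T0 = datetime(2024, 3, 4, 9, 0)
ALERT_A = Event(T0 + timedelta(minutes=30), "ws-017", "edr", "encoded_powershell")
ALERT_B = Event(T0 + timedelta(hours=5), "ws-042", "edr", "encoded_powershell")
EVENTS = [
    Event(T0 + timedelta(minutes=28), "ws-017", "edr", "office_child_process"),
    ALERT_A,
    Event(T0 + timedelta(minutes=31), "ws-017", "dns", "newly_seen_domain"),
    Event(T0 + timedelta(minutes=45), "ws-017", "proxy", "periodic_outbound"),
    Event(T0 + timedelta(minutes=70), "ws-017", "edr", "lsass_read"),
    # ws-042: ordinary activity around the alert, nothing that fits the sequence
    Event(T0 + timedelta(hours=4, minutes=50), "ws-042", "dns", "known_domain"),
    ALERT_B,
    Event(T0 + timedelta(hours=5, minutes=2), "ws-042", "proxy", "single_outbound"),
    # a matching clue a day earlier falls outside the window and must not count
    Event(T0 - timedelta(days=1), "ws-042", "edr", "lsass_read"),
]


if __name__ == "__main__":
    for alert in (ALERT_A, ALERT_B):
        verdict, clues = triage(alert, EVENTS)
        print(f"{alert.host}: {verdict} (corroborating clues: {clues or 'none'})")
```

The skill Smith points at sits in `EXPECTED_CLUES`: deciding, per alert type, which other observations would be contextually relevant and in which sources to look for them. The alert itself is never re-scored; what changes the verdict is whether the rest of the sequence is visible on the same host in the same window.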

In a video interview with Information Security Media Group, Smith discusses:

  • Why a paradigm shift is required to better investigate incidents in the SOC;
  • New or additional skills needed to understand what is contextually relevant when responding to security incidents;
  • Vendors which are showing positive signs of embracing this paradigm shift.

Smith is a senior director security analyst in the Technology and Service Provider (TSP) division of Gartner, researching emerging technology and trends (ETT) for technology product leaders. Smith researches technology, markets and trends impacting network security, especially artificial intelligence (AI) and machine learning (ML).
