AI-powered threats highlight the need for a unified approach to SOCs
With new threats such as AI-powered attacks, enterprises must be fully prepared and confident about protecting themselves and their customers and build a unified security operations center (SOC) that combines human expertise with AI advancements.
A new report from Splunk looks at the mounting challenges faced by SOCs. It uncovers the pain points that hamper organizations and open their doors to threats -- 46 percent of respondents say they spend more time maintaining tools than defending the organization, while only 11 percent trust AI completely for mission-critical tasks. Furthermore, 66 percent experienced a data breach in the past year, making it the most common security incident.
"Organizations are increasingly leaning on AI for threat hunting and detection, and other mission-critical tasks, but we don't see AI taking complete oversight of the SOC -- for good reason," says Michael Fanning, CISO at Splunk. "Human oversight remains central to effective cybersecurity, and AI is used to enhance human capabilities to help where it truly matters: defending the organization."
When SOC workflows aren't operating at their peak, it creates major barriers to effective threat detection and response. The report highlights several areas of inefficiencies that create risk for organizations. 59 percent say tool maintenance is the main source of inefficiency, while 78 percent say their security tools are dispersed and disconnected and 69 percent say disconnected and dispersed tools creates moderate to significant challenges.
Tool maintenance, data silos, and alert fatigue also serve to bog down SOC teams. These day-to-day burdens drain valuable time and impact an analyst's ability to respond quickly and decisively. The report reveals that 57 percent report losing valuable investigation time to data management gaps, 59 percent say they have too many alerts and 55 percent have to address too many false positives.
There's a lot of pressure on SOC teams too, the findings show that 52 percent of respondents say their team is overworked, 52 percent say stress on the job has prompted them to think about leaving cybersecurity altogether and 43 percent face unrealistic expectations by leadership.
You can get the full State of Security 2025 report from the Splunk site.
Image credit: mikkolem/depositphotos.com