Organisations widely adopt the Security Operation Centres (SOCs) to detect cyber incidents. SOCs provides a centralized view of the activities taking place in the network and alerts security analysts to any potential incidents. Several studies have explored SOCs, primarily focusing on implementation and general descriptions, but with limited attention given to other factors such as human-technology interaction, including alert fatigue, skill gaps, and operational inefficiencies. The connection between human and technological aspects in SOC security remains largely unaddressed, along with the challenges introduced by this interaction. This study investigates how these two aspects inform each other and contribute to the improved effectiveness of the SOC. A survey of 47 SOC practitioners, including analysts and managers, was conducted to identify operational gaps and challenges. Key findings highlight the need for automation, the impact of alert fatigue and the increasing sophistication of threat actors leveraging emerging technologies such as AI. These insights are expected to benefit the SOCs operators’ community.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Practitioner Insights into Security Operations Centres (SOCs): Challenges, Capabilities, and Opportunities

  • Yussuf Ahmed,
  • Fuad A. Ghaleb,
  • Sean Tickle

摘要

Organisations widely adopt the Security Operation Centres (SOCs) to detect cyber incidents. SOCs provides a centralized view of the activities taking place in the network and alerts security analysts to any potential incidents. Several studies have explored SOCs, primarily focusing on implementation and general descriptions, but with limited attention given to other factors such as human-technology interaction, including alert fatigue, skill gaps, and operational inefficiencies. The connection between human and technological aspects in SOC security remains largely unaddressed, along with the challenges introduced by this interaction. This study investigates how these two aspects inform each other and contribute to the improved effectiveness of the SOC. A survey of 47 SOC practitioners, including analysts and managers, was conducted to identify operational gaps and challenges. Key findings highlight the need for automation, the impact of alert fatigue and the increasing sophistication of threat actors leveraging emerging technologies such as AI. These insights are expected to benefit the SOCs operators’ community.