The SOC will also change massively through the use of AI. With an AI enhancement that distills the knowledge of a global "crowd" of SOC analysts from security workflows and then turns them into a kind of co-pilot. An assessment by Joshua Saxe, Chief Scientist and AI expert at Sophos.
Today, there are two types of user-centric software products: products that use machine learning and automation to adapt to and achieve user goals, and products that are disruptive and require carefully memorized and repetitive interactions. Google Search, Siri and Spotify belong to the former product category. Today's Security Operations Center (SOC) platforms fall into the latter, non-adaptable, disruptive category.
AI will automatically make suggestions
That will change in the next five years. Successful security products will be as adept at recommending relevant security information as Google and Facebook, and as accurate at predicting the intent behind security-focused natural language queries as Alexa and Siri. They will also combine artificial intelligence technologies with the types of system integrations that have reached smart home ecosystems and update security policies - just like smart homes turn on security cameras and lock doors at user request.
This new “AI-enabled SOC” will feel just as dramatically superior to today's SOCs as today's Google search compares to 1990's Altavista. With the AI enhancement that distills the knowledge of a global “crowd” of SOC analysts into a kind of security workflow co-pilot, auto-completes SOC analyst workflows, and anticipates SOC analyst intent, the security workforce becomes significant be more effective.
AI-assisted SOC increases effectiveness
Of course, this change will not come out of a vacuum, but will be the result of the convergence of several current technology trends: the first of which is the increasing integration of all relevant security data across the entire user base by Extended Detection and Response (XDR) providers. For the first time, these provide the necessary training data for the supporting machine learning models of the future AI-supported SOC. The second trend is cross-technology AI innovation, where research continues to develop better machine learning (ML) algorithms, tools, and cloud AI infrastructure that provide opportunities for the ML capabilities of the AI-powered SOC.
The third trend is the programmable security posture, where IT, cloud and security products are increasingly providing robust management APIs. As more and more of the IT landscape becomes controllable via APIs, there are increasing opportunities to provide SOAR (security orchestration, automation and response) capabilities to AI-powered SOCs that behave like smart home ecosystems, the security posture of Update companies and resolve incidents via automation at the push of a button.
AI is not just a trend
Everything currently indicates that the evolution of user interfaces towards seamless and sophisticated integration of AI models that can recognize user intent is becoming increasingly important, and several technology areas have already achieved this status. This development can also be expected from providers of SOC software products in the next few years - or they will become increasingly irrelevant. In fact, a "security operation recommendation engine" with a usability rivaling that of utilities we know from Google, Amazon or Netflix seems very likely.
More at Sophos.com
About Sophos More than 100 million users in 150 countries trust Sophos. We offer the best protection against complex IT threats and data loss. Our comprehensive security solutions are easy to deploy, use and manage. They offer the lowest total cost of ownership in the industry. Sophos offers award-winning encryption solutions, security solutions for endpoints, networks, mobile devices, email and the web. In addition, there is support from SophosLabs, our worldwide network of our own analysis centers. The Sophos headquarters are in Boston, USA and Oxford, UK.