In the final blog in our Cybersecurity Experts Discuss series, we summarize why a SIEM can enhance and augment your SOC analyst. Read what Ben Harrison, Director SOC and Security Services at Cygilant, and Jake McCabe, CISSP, Presales Director at LogPoint, have to say.
A modern SIEM can help make a SOC analyst more effective and productive. It should take in all types of security-related data and use it to perform meaningful analytics. It should also prioritize that data and present it to analysts so that it is easier to drill into and to conduct follow-on research. A modern SIEM can also pre-aggregate the information an analyst is likely to want to review when an alert fires. These capabilities help enhance and augment SOC analysts.
We see arguments that machine learning is going to replace analysts. That’s not going to happen any time soon. Instead, we see the best results when technology is focused on enhancing and augmenting SOC teams to do more, better and faster. If a technology does in fact eliminate an analyst, it can quickly devolve into alert blindness that creates more noise and doesn’t offer the security team insights into what is truly going on.
The real value comes from taking best-of-breed SIEM tools and combining them with great analysts. That’s where the magic happens.
Read the Series
- Doing the Basics Well
- Demonstrable Customer Security Value
- Frameworks & MITRE ATT&CK
- Cybersecurity Experts Discuss: Plan Your Use Cases
- Cybersecurity Experts Discuss: Process, Process, Process
- Balancing People and Process
- Data is King
- Why SIEM Enrichment
- Machine Learning for Security Applications