Automation of the investigation and mitigation workflow is a keystone of maturing SOC capabilities. What we often see is that talk of automation in a less mature SOC makes SOC engineers and managers nervous: the fear that a mistake in an automated action will disrupt the business, or damage the team's reputation, frequently blocks progress in this area. Automation in threat response is therefore not a standalone SOC task; it should be constructed carefully, with guardrails agreed in collaboration with the other corporate functions whose systems an automated action could affect.
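The following is an added illustration (not code from the original page or from EY) of what "carefully constructed" response automation can look like in practice: a hypothetical SOAR-style playbook step that auto-isolates a host after an EDR alert, but only inside guardrails agreed with the business. The exclusion list, severity threshold, action budget and dry-run mode are assumptions for the example; the hostnames and alerts are constructed, and the EDR isolation call is represented by an injected function.

```python
# Added illustration of guardrailed response automation. Hypothetical
# SOAR-style playbook step: auto-isolate a host after an EDR alert, but only
# inside guardrails agreed with the business (asset owners, IT operations,
# change management). The EDR call is represented by an injected function.
from dataclasses import dataclass
from typing import Callable, List, FrozenSet


@dataclass
class Guardrails:
    never_isolate: FrozenSet[str]        # business-critical hosts, maintained with asset owners
    max_isolations_per_window: int       # blast-radius cap per time window
    auto_min_severity: int               # alerts below this need human approval
    dry_run: bool = True                 # rehearse the playbook before going live


@dataclass
class Decision:
    host: str
    action: str      # "isolate" | "approval_required" | "dry_run"
    reason: str


class IsolationPlaybook:
    def __init__(self, rails: Guardrails, isolate_fn: Callable[[str], None]):
        self.rails = rails
        self.isolate_fn = isolate_fn      # stands in for the real EDR isolation API
        self.isolated_this_window = 0
        self.audit: List[Decision] = []  # every decision is recorded, including refusals

    def handle(self, alert: dict) -> Decision:
        host = alert["host"].lower()
        sev = int(alert["severity"])
        if host in self.rails.never_isolate:
            d = Decision(host, "approval_required", "host is on the business-critical exclusion list")
        elif sev < self.rails.auto_min_severity:
            d = Decision(host, "approval_required", f"severity {sev} below auto-action threshold")
        elif self.isolated_this_window >= self.rails.max_isolations_per_window:
            d = Decision(host, "approval_required", "isolation budget for this window exhausted")
        elif self.rails.dry_run:
            d = Decision(host, "dry_run", "would isolate (dry-run mode)")
        else:
            self.isolate_fn(host)
            self.isolated_this_window += 1
            d = Decision(host, "isolate", "auto-isolated")
        self.audit.append(d)
        return d


# Constructed sample alerts (hypothetical hostnames).
SAMPLE_ALERTS = [
    {"host": "WS-1001", "severity": 9},
    {"host": "erp-db-01", "severity": 10},   # critical: never auto-isolated
    {"host": "ws-1002", "severity": 5},      # too low for automatic action
    {"host": "ws-1003", "severity": 8},
    {"host": "ws-1004", "severity": 9},      # budget of 2 already spent
]


def run_playbook(dry_run: bool = False) -> List[str]:
    """Run the sample alerts through the playbook; returns the action taken per alert."""
    isolated: List[str] = []
    rails = Guardrails(
        never_isolate=frozenset({"erp-db-01", "pay-gw-02"}),
        max_isolations_per_window=2,
        auto_min_severity=7,
        dry_run=dry_run,
    )
    pb = IsolationPlaybook(rails, isolated.append)
    return [pb.handle(a).action for a in SAMPLE_ALERTS]


if __name__ == "__main__":
    for action, alert in zip(run_playbook(), SAMPLE_ALERTS):
        print(f"{alert['host']:<10} sev={alert['severity']:<2} -> {action}")
```

The point of the design is that every refusal is as visible as every action: the exclusion list is owned by the asset owners rather than the SOC, the budget caps how much damage a misfiring rule can do in one window, and the playbook can be run in dry-run mode against live alerts until the business is comfortable switching it on.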
With more time and resources available, the SOC team can also turn its attention to proactive threat hunting, an important endeavor that all too often exists in name only. At the same time, team turnover falls dramatically when people have more rewarding work to do than mundane daily tasks, which benefits the organization not only through costs saved in recruitment and onboarding but also through the knowledge and experience retained in this key function.
As can be seen, automation improves the maturity level across the people, process, technology and services domains.
Next Generation SOC
We believe the future of SOC is one that leverages the full potential of people, technology and processes, and considers all business drivers to deliver a suite of services that truly protect the organization. The next generation of SOC will be about using technological advances at scale to support seamless connections between these different touchpoints.
To continue meeting security needs, we believe next generation SOCs should also incorporate:
- Big data platforms, machine learning and advanced behavioral analytics, threat hunting, integrated incident response and SOC automation
- Network traffic analysis and application performance monitoring tools
- Endpoint detection and response (EDR), which detects and mitigates suspicious activity on hosts and user devices
- User and entity behavior analytics (UEBA), which uses machine learning to identify suspicious behavior patterns
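As an added illustration (not part of the original page and not any UEBA product's model) of what "identifying suspicious behavior patterns" means in practice, the example below builds a simplified statistical baseline per user from a history window (working hours, source countries, upload volume) and scores new events against it. The users, timestamps and thresholds are constructed assumptions; a real UEBA platform would learn these from far more data and many more features.

```python
# Added illustration of behavioral baselining in the spirit of UEBA. This is a
# simplified statistical baseline, not a product's machine-learning model:
# per-user profiles of working hours, source countries and upload volume are
# learned from a history window, and new events are scored against them.
from collections import defaultdict
from datetime import datetime
from typing import Dict, List

# Constructed sample history (hypothetical users). Hours are local time.
HISTORY = [
    {"user": "alice", "ts": "2024-03-01T08:15:00", "country": "CH", "bytes": 120_000},
    {"user": "alice", "ts": "2024-03-01T11:40:00", "country": "CH", "bytes": 340_000},
    {"user": "alice", "ts": "2024-03-02T09:05:00", "country": "CH", "bytes": 90_000},
    {"user": "alice", "ts": "2024-03-02T16:30:00", "country": "CH", "bytes": 800_000},
    {"user": "alice", "ts": "2024-03-03T10:20:00", "country": "CH", "bytes": 210_000},
    {"user": "bob",   "ts": "2024-03-01T22:10:00", "country": "DE", "bytes": 50_000},
    {"user": "bob",   "ts": "2024-03-02T23:45:00", "country": "DE", "bytes": 70_000},
    {"user": "bob",   "ts": "2024-03-03T00:30:00", "country": "CH", "bytes": 65_000},
]

# Constructed new events to score.
NEW_EVENTS = [
    {"user": "alice", "ts": "2024-03-04T10:10:00", "country": "CH", "bytes": 300_000},
    {"user": "alice", "ts": "2024-03-04T03:12:00", "country": "RO", "bytes": 50_000_000},
    {"user": "bob",   "ts": "2024-03-04T23:05:00", "country": "DE", "bytes": 60_000},
    {"user": "carol", "ts": "2024-03-04T12:00:00", "country": "CH", "bytes": 10_000},
]


def build_profiles(events) -> Dict[str, dict]:
    """Learn a per-user profile: hours seen, countries seen, largest upload."""
    profiles = defaultdict(lambda: {"hours": set(), "countries": set(), "max_bytes": 0})
    for e in events:
        p = profiles[e["user"]]
        p["hours"].add(datetime.fromisoformat(e["ts"]).hour)
        p["countries"].add(e["country"])
        p["max_bytes"] = max(p["max_bytes"], e["bytes"])
    return profiles


def score_event(profile: dict, event: dict) -> List[str]:
    """Return the list of deviations of one event from the user's baseline."""
    findings = []
    hour = datetime.fromisoformat(event["ts"]).hour
    # +/-1 hour tolerance with wraparound, so a night-shift user (23:00-01:00) is not flagged
    allowed = {(h + d) % 24 for h in profile["hours"] for d in (-1, 0, 1)}
    if hour not in allowed:
        findings.append("unusual_hour")
    if event["country"] not in profile["countries"]:
        findings.append("new_country")
    if event["bytes"] > 3 * profile["max_bytes"]:
        findings.append("volume_outlier")
    return findings


def score_events(history, events) -> List[dict]:
    """Score every new event; identities with no baseline are routed to an analyst."""
    profiles = build_profiles(history)
    out = []
    for e in events:
        if e["user"] not in profiles:
            findings = ["no_baseline"]   # unknown identity: do not pretend to score it
        else:
            findings = score_event(profiles[e["user"]], e)
        out.append({"user": e["user"], "ts": e["ts"], "findings": findings})
    return out


if __name__ == "__main__":
    for r in score_events(HISTORY, NEW_EVENTS):
        print(f"{r['user']:<6} {r['ts']}  {r['findings'] or 'baseline'}")
```

Two design choices are worth noting: the hour check tolerates one hour either side with wraparound, so a legitimate night-shift pattern does not generate noise, and an identity with no history is reported as "no_baseline" rather than scored, because a model that has never seen a user cannot say what is normal for them.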