Practitioner Insights into Security Operations Centres (SOCs): Challenges, Capabilities, and Opportunities
摘要
Organisations widely adopt the Security Operation Centres (SOCs) to detect cyber incidents. SOCs provides a centralized view of the activities taking place in the network and alerts security analysts to any potential incidents. Several studies have explored SOCs, primarily focusing on implementation and general descriptions, but with limited attention given to other factors such as human-technology interaction, including alert fatigue, skill gaps, and operational inefficiencies. The connection between human and technological aspects in SOC security remains largely unaddressed, along with the challenges introduced by this interaction. This study investigates how these two aspects inform each other and contribute to the improved effectiveness of the SOC. A survey of 47 SOC practitioners, including analysts and managers, was conducted to identify operational gaps and challenges. Key findings highlight the need for automation, the impact of alert fatigue and the increasing sophistication of threat actors leveraging emerging technologies such as AI. These insights are expected to benefit the SOCs operators’ community.