
Why a 'Paradigm Shift' is Required in the SOC

Nat Smith of Gartner on New Skill Set Needed for Investigations
Nat Smith, senior director, analyst, Gartner

False positives continue to be a challenge for SOC analysts. Nat Smith, senior director analyst at Gartner, the global research and advisory company, is calling for a "paradigm shift" in the SOC. "Over the last few years … we've become embroiled with the concept of false positives as a means to distinguish which vendor is better than which," he says.


"Rather than looking at the individual players or the individual setting," Smith says, analysts need to look at the "bigger picture." "That's what needs to change, and that's a different kind of a skill set."

Smith calls for "an infrastructure change" in the SOC. "Fundamentally, instead of looking at an alert that comes in and validating whether or not that alert is accurate … we need to look at the full scale - everything else that we would expect - and look to see if we see some of these clues. That's the starting point. If we see some of these other clues, it starts to validate this is a real activity, a real sequence that's starting to happen," he says.
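The approach Smith describes, confirming an alert by checking for the other clues one would expect if the activity were real, can be expressed as a small correlation routine. The following is an added example, not code from the interview or from Gartner; the log lines, the alert type and the expected follow-on clues are constructed for illustration, and the sequence model in EXPECTED_CLUES is a hypothetical one.

```python
from datetime import datetime, timedelta

# Constructed sample log lines (not from the page): ISO timestamp, then key=value pairs.
SAMPLE_LOG = """\
2024-05-01T09:58:00 user=alice event=impossible_travel src=203.0.113.7
2024-05-01T10:03:00 user=alice event=mfa_push_approved src=203.0.113.7
2024-05-01T10:09:00 user=alice event=inbox_rule_created rule=forward_all
2024-05-01T10:31:00 user=alice event=mass_download count=412
2024-05-01T11:00:00 user=bob event=impossible_travel src=198.51.100.9
2024-05-01T11:02:00 user=bob event=login_success src=198.51.100.9
2024-05-01T18:00:00 user=bob event=inbox_rule_created rule=vacation
"""

# Hypothetical sequence model: for a given alert type, the follow-on clues an analyst
# would expect to see in the same account if the alert reflects real activity.
EXPECTED_CLUES = {
    "impossible_travel": {"mfa_push_approved", "inbox_rule_created", "mass_download"},
}


def parse_line(line):
    """Turn one 'timestamp key=value ...' line into a dict with a datetime 'ts'."""
    ts, *pairs = line.split()
    event = {"ts": datetime.fromisoformat(ts)}
    for pair in pairs:
        key, _, value = pair.partition("=")
        event[key] = value
    return event


def parse_log(text):
    return [parse_line(line) for line in text.splitlines() if line.strip()]


def corroborate(alert, events, window=timedelta(hours=2)):
    """Return the expected clues observed for the alert's user within `window` after the alert."""
    expected = EXPECTED_CLUES.get(alert["event"], set())
    deadline = alert["ts"] + window
    seen = set()
    for ev in events:
        if ev["user"] != alert["user"]:
            continue
        if alert["ts"] < ev["ts"] <= deadline and ev["event"] in expected:
            seen.add(ev["event"])
    return seen


def triage(events, min_clues=2):
    """Score each alert by the corroborating clues around it rather than judging it in isolation.

    Returns {(user, alert_timestamp): (verdict, sorted_clues)}.
    """
    results = {}
    for ev in events:
        if ev["event"] not in EXPECTED_CLUES:
            continue
        seen = corroborate(ev, events)
        verdict = "investigate" if len(seen) >= min_clues else "monitor"
        results[(ev["user"], ev["ts"].isoformat())] = (verdict, sorted(seen))
    return results


if __name__ == "__main__":
    for key, (verdict, clues) in triage(parse_log(SAMPLE_LOG)).items():
        print(key, verdict, clues)
```

Run as-is, the alice alert is escalated because three of the expected clues follow it inside the window, while the bob alert stays at "monitor": the later inbox rule falls outside the window and the login itself is not part of the modelled sequence. The window size and the minimum clue count are the tuning knobs an analyst would adjust per alert type.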

In a video interview with Information Security Media Group, Smith discusses:

  • Why a paradigm shift is required to better investigate incidents in the SOC;
  • New or additional skills needed to understand what is contextually relevant when responding to security incidents;
  • Vendors that are showing positive signs of embracing this paradigm shift.

Smith is a senior director security analyst in the Technology and Service Provider division of Gartner, researching emerging technology and trends for technology product leaders. He researches technology, markets and trends that affect network security, especially artificial intelligence and machine learning.

About the Author

Anna Delaney

Director, ISMG Productions

An experienced broadcast journalist, Delaney conducts interviews with senior cybersecurity leaders around the world. Previously, she was editor-in-chief of the website for The European Information Security Summit, or TEISS. Earlier, she worked at Levant TV and Resonance FM and served as a researcher at the BBC and ITV in their documentary and factual TV departments.
