SecOps Spends Its Days Monitoring
Developers, Security and Operations: DevSecOps. The operations part of the term usually refers to IT operations. Today, however, we narrow in on SecOps: the analysts who work in security operations centers (SOCs) and cyber incident response teams (CIRTs). The Cyentia Institute’s survey of 160 of these security analysts shows they face some of the same challenges developers and IT operations teams do. They spend more time on monitoring than on any other activity, but they would much rather solve problems and “hunt” new threats. SecOps does not like reporting or something called Shift Ops — the actual details of change control and making sure the team doesn’t burn out. Given the shortage of information security professionals, it is concerning that only 45 percent of respondents said their job experience was meeting their expectations.
Cyentia suggests that automation can reduce the time spent on monitoring, letting analysts focus on intrusion prevention and threat intelligence. This is likely true, especially if the monitoring is being done at scale at a managed security service provider (MSSP). Yet, like DevOps, SecOps is also looking to make its dashboards more actionable, using AI to screen out unimportant noise.
Feature image via Pixabay.