
Changing Role Tier 1 SOC Analysts Should You Stop Hiring?


1 Changing Role Tier 1 SOC Analysts Should You Stop Hiring?

2 Introduction Much has been written about the death of the Tier 1 SOC analyst. To paraphrase Mark Twain, reports of that death are greatly exaggerated. A simple Glassdoor search yields 186 open positions that posted in just the last month. Is one of your open roles on that list?

3 Recruiting Multiple Analysts Odds are you are recruiting for multiple security analysts at any given time, particularly at the entry level. This is largely due to a combination of attrition and growth in alerts coming in from your various security tools. To add insult to injury, if you’re like most organizations, those jobs have probably been sitting unfilled for three months or more.

4 Time To Fill An Open Cyber Security/ Information Security Position

5 Why You Need Tier 1 Analysts Directing or managing a SOC is no easy task, especially when you’re short on people to manage. Before you start thinking this is yet another diatribe on the cybersecurity skills shortage, we assure you, it’s not. Rather, in this blog we will look at the role of the Tier 1 SOC analyst today and the part security orchestration and automation play in bringing about an evolution in the way SOC leaders think about these positions.

6 Would You Want This Job? The typical Tier 1 cybersecurity analyst job description reads a little something like this:
● Under general supervision, this role is responsible for monitoring networks for security events and alerts to potential/active threats, intrusions, and/or indicators of compromise, and responding to incidents at the Tier 1 level.
● Monitor security infrastructure and security alarm devices for indicators of compromise utilizing cybersecurity tools, under 24/7 operations.

7 Security Analyst Role
● Direct response and resolution to security device alarm incidents and additional incident investigation as needed.
● Utilize cybersecurity analysis to generate security incident reports and document findings.
● Log details of Security Operations Center calls, including all events and actions taken, and track tickets to maintain workflow management. Document all events and actions.
● Determine the intent of malicious activity based on standard policies and guidelines, and escalate incidents needing further investigation to the next tier of incident response.

8 The Rise of the Machines Enter machine-driven solutions. Security orchestration and automation platforms are specifically designed to address many of the most prevalent security operations challenges. Challenge 1: Too Many Alerts Most security operations teams get thousands of alerts per day and can only investigate and respond to a portion of them. On average, security operations teams leave 44% of alerts uninvestigated. Your Tier 1 analysts are the ones on the front line of this alert deluge, making them the ones most susceptible to alert fatigue and ultimately, job burnout.

9 Contextual Alert Grouping Addressing alert overload is one of the biggest benefits security automation can bring to a SOC team. Data gathering is time-consuming, repetitive and highly detail-oriented. It’s perfectly suited to automation. Applied correctly, security automation tools can identify relevant, critical alerts in a fraction of the time, with a higher degree of accuracy than a human analyst can. By employing an automation solution that identifies and groups related alerts into workable cases, you can redirect your analysts’ time toward in-depth investigation, analysis, and incident response activities.
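To make the grouping step concrete, here is an added example (not code from the presentation or from any product it refers to) that links alerts sharing a host, user or file hash into one case; the alert records and their field names are constructed for this illustration.

```python
"""Group related security alerts into cases that share an entity.

Added example, not from the original presentation: a minimal form of the
contextual alert grouping the slide describes. Alerts sharing a host, user
or file hash are linked with union-find, so an analyst works a few cases
instead of a stream of single alerts. All records below are constructed.
"""
from collections import defaultdict

# Constructed sample alerts; the field names are assumptions for this example.
SAMPLE_ALERTS = [
    {"id": 1, "source": "EDR", "host": "ws-017", "user": "jdoe", "hash": "a1b2", "severity": "high"},
    {"id": 2, "source": "proxy", "host": "ws-017", "user": "jdoe", "hash": None, "severity": "low"},
    {"id": 3, "source": "AV", "host": "ws-042", "user": "asmith", "hash": "a1b2", "severity": "medium"},
    {"id": 4, "source": "IDS", "host": "srv-db1", "user": None, "hash": None, "severity": "low"},
    {"id": 5, "source": "EDR", "host": "ws-099", "user": "asmith", "hash": None, "severity": "low"},
]

PIVOT_FIELDS = ("host", "user", "hash")  # entities that link alerts together
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3}

def _find(parent, x):
    while parent[x] != x:
        parent[x] = parent[parent[x]]  # path compression
        x = parent[x]
    return x

def group_alerts(alerts, pivots=PIVOT_FIELDS):
    """Return cases as dicts with alert ids, linked entities and the top severity."""
    parent = {a["id"]: a["id"] for a in alerts}
    seen = {}  # (field, value) -> first alert id carrying that entity
    for a in alerts:
        for f in pivots:
            v = a.get(f)
            if v is None:
                continue  # a missing entity never links alerts
            key = (f, v)
            if key in seen:
                parent[_find(parent, a["id"])] = _find(parent, seen[key])
            else:
                seen[key] = a["id"]
    members = defaultdict(list)
    for a in alerts:
        members[_find(parent, a["id"])].append(a)
    cases = []
    for group in members.values():
        ents = {f: sorted({a[f] for a in group if a.get(f)}) for f in pivots}
        sev = max((a["severity"] for a in group), key=SEVERITY_RANK.get)
        cases.append({"alerts": [a["id"] for a in group], "entities": ents, "severity": sev})
    return sorted(cases, key=lambda c: (-SEVERITY_RANK[c["severity"]], c["alerts"]))
```

With the sample data, four alerts from three different tools collapse into one high-severity case, and only the unrelated IDS alert stays on its own.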

10 Challenge 2: Too Many Tools With a dozen or more security technologies to work across, your analysts spend much of their day switching from screen to screen just to gather the data they need. And mastering the ins and outs of managing and using a variety of tools creates a steep learning curve for new analysts. Security orchestration fundamentally changes the game for SOC analysts by creating a single, cohesive interface for managing disparate security tools. As with the automation of alert grouping, this puts more time back into the analysts’ day for tasks that truly require human intervention.

11 Challenge 3: Many Manual Processes Are your SOC workflows documented? Entry-level analysts frequently find it tough to get up to speed and become effective quickly when processes aren’t formalized and executed consistently. Manual steps within each workflow – whether interacting with users, looking up files and hashes or adding new rules and signatures – only compound the issue further by taking time away from higher-value activities.

12 Conclusion Because much of what is traditionally associated with the role of a Tier 1 analyst can be addressed with security orchestration and automation, it’s easy to see why some think these roles are on their way to being obsolete. Yes, it’s true that much of what your average entry-level analyst is tasked with today can be completed faster and more efficiently through automation, but that doesn’t mean you should give up your open reqs just yet. Instead, you should think about how to redefine your Tier 1 roles.

