Research Report: The Triad of Security Operations Infrastructure: XDR, SIEM, and MDR

Jun 14, 2024
by Dave Gruber, Bill Lundell, Enterprise Strategy Group Research

Security operations grow more difficult each year due to issues such as the persistent threat landscape, a growing attack surface, and the volume and complexity of security alerts. Additionally, many SOC teams remain understaffed and lack advanced security operations skills. To address these challenges, CISOs are open to evaluating new technologies in areas like advanced analytics for threat detection and process automation for incident response.

Many organizations also have active initiatives to consolidate security operations tools. SOC technology consolidation and integration efforts are aimed at improving security efficacy, reducing operational overhead, and building a SOC technology architecture that can keep up with the pace and scale of hybrid IT.

Threat detection and response priorities include operationalizing threat intelligence, improving the integration of asset management data with security operations, and improving alert triage and prioritization. This indicates that existing SOC activities are inadequate and that organizations will spend accordingly to address current limitations.

To gain further insight into these trends, TechTarget’s Enterprise Strategy Group surveyed 374 IT and cybersecurity professionals at organizations in North America (US and Canada) responsible for or involved with security operations technology and processes.

Page Count: 29