operations center (Gorodenkoff/Shutterstock.com)

Industry Insight

The superpowered SOC: How AI can drive agencies to the next level of cyber defense

With federal agencies reporting more than 28,500 cybersecurity incidents a year, government cybersecurity teams have their hands full. What’s more, the attacks are dramatically increasing in volume, sophistication and impact. The disclosure in December that Russia launched a massive hack of SolarWinds software -- gaining access to emails at the Departments of Treasury, Justice, Commerce and others -- serves as Exhibit A of the growing efficacy of our adversaries.

It’s an inescapable and unfortunate reality rooted in our dedication to continuous innovation: Agencies keep investing in diverse cloud and internet of things (IoT) environments to boost productivity and deliver positive outcomes for stakeholders, but the expanding complexity and scale of their digital infrastructures make life extremely difficult for security operations center teams. At the same time, novel and advanced threats are moving at machine speed, raising the bar for understaffed and overworked SOC teams. They encounter too many alerts to conduct appropriate triage and respond appropriately.

Is it time to replace them with artificial intelligence-based cybersecurity?

Not at all. Instead of replacing human security team members, we must elevate them to a new performance level, creating a super-powered SOC to confront and defeat modern threats. Seamlessly integrating self-learning AI solutions into existing government technologies can deliver optimal automation and orchestration.

Existing cybersecurity solutions serve a clear purpose, but they also generate a great deal of noise. Two out of five organizations deal with at least 1,000 alerts a day -- with 14% receiving no less than 10,000 a day. It should come as no surprise then that 83% of security professionals are experiencing “alert fatigue.” By integrating self-learning AI and automation into existing technologies, these professionals are better positioned to sort through the noise, deploy AI to filter out what’s insignificant and focus on what’s dangerous.

Specifically, super-powered agency SOC teams would benefit from the following new capabilities and developments:

Full-range detection to ensure optimal response and remediation. To defend every extent of the enterprise, federal agencies must consistently identify real threats and respond intelligently – no matter where, when or how the attack strikes. Self-learning AI drives SOC teams to the next level by removing dependencies on signatures to take action. The SolarWinds hackers, for example, achieved free rein throughout the U.S. government because there was no known signature to stop them. AI allows teams to detect novel threats and abnormalities and, as indicated, separate inconsequential “white noise” from that which will do harm.

The resolution of attacks with accurate and efficient threat management. Because AI is helping teams leverage the maximum capabilities of all tools, SOCs are no longer relying on one “single source of truth.” They are correlating multiple sources of threat intelligence and -- with the speed and precision of automated AI deployment -- responding to high-priority incidents instantly.

The liberation of SOC teams from onerous, time-consuming burdens. Both the public and private sectors face staggering cybersecurity staffing shortages, with 3.5 million unfilled jobs expected this year, up from 1 million in 2014. While we cannot create more people, we can free them from the tedium of monitoring and responding to a relentless barrage of alerts so they can devote their energies and resources to bigger-picture tasks and strategies that improve the overall security posture of their agencies.

Once we arrive at this state, we’ve reached the superpowered level of performance required for today’s threats. The machines will never replace the people, but they can augment their skillsets to unleash the full potential of a more focused, efficient, effective and strategic SOC.

About the Author

Jeremy Newberry is cybersecurity solutions architect at Merlin Cyber.


  • Records management: Look beyond the NARA mandates

    Pandemic tests electronic records management

    Between the rush enable more virtual collaboration, stalled digitization of archived records and managing records that reside in datasets, records management executives are sorting through new challenges.

  • boy learning at home (Travelpixs/Shutterstock.com)

    Tucson’s community wireless bridges the digital divide

    The city built cell sites at government-owned facilities such as fire departments and libraries that were already connected to Tucson’s existing fiber backbone.

Stay Connected