Future SOC: The Universal Analyst


Flying cars may feel far off in the future, but at a time when self-driving cars have become a reality, we’re reminded that what was once science fiction often becomes reality thanks to technical innovation. The U.S. military is often a driver of such innovation, pushing research funding through programs like the Defense Advanced Research Projects Agency (DARPA) and leading to creations ranging from new types of battlefield robotics to autonomous vehicle systems and weapons. One area of particular interest to the U.S. military has been technology that enables soldiers to be more effective in their roles. For example, there has been press about the high-tech F-35 fighter jet helmets developed by the Air Force to give pilots machine-speed awareness of the airspace in real time, augmenting human capabilities with the latest artificial intelligence (AI) and sensor technology.

But what about the cyber security soldiers – the security operations center (SOC) analysts who are on the front lines dealing with military-grade cyber adversaries? The U.S. Department of Defense is also investing in innovation for the cyber world. Agencies like DARPA and initiatives like the public Cyber Grand Challenge demonstrate that advancing our cyber capabilities, both in defense and for critical infrastructure protection, is a huge priority for the U.S. military.

Backed by government funding and Silicon Valley VCs, technologists are working furiously to innovate technologies like machine learning and AI and to leverage them to force-multiply SOC analyst workflows. With all this work to take the SOC into the future, what enhancements can we expect to see over the next ten years? Below are the innovations that we predict will play a key role in the future SOC.

  • Visual interfaces similar to Oculus VR to help SOC analysts sift through large datasets resulting from the petabytes of network traffic captures, leading to improved anomaly detection and lateral movement hunting.
  • AI-driven alert analysis that moves the entire concept of triage from a human-led task to one powered by intelligence automation platforms.
  • Voice-activated interfaces coupled with chatbots and other AI-assisted voice recognition services to help analysts interact faster and with more efficiency.
  • Automated threat intelligence generation and consumption. No longer will threat intelligence like signatures and IOCs be traded manually by analysts via reports and threat intelligence platforms (TIPs). Instead it will be automatically generated, validated and exchanged at wire speed by intelligent SOC platforms.

Like flying cars, many of these innovations may seem futuristic and out of reach. But when we look at how far machine learning and AI have come in recent years, it’s not hard to imagine that this vision of the SOC could be our reality sooner than we think.

To learn how JASK is modernizing security operations and why we’re different, please visit Why JASK.
