A lot of the talk at this roundtable was about automation. Though most teams are comfortable handling orchestration, significant discomfort seems to exist around automating these processes. Having a quality assurance team can also assist in ensuring that the SOC functions well through automated SecOps, and validating that automation—but those ideas are still fresh, and members of the discussion agreed that is still not easy to trust yet. Automating the SOC also risks cultivating a sense of complacency in the team, as teams can forget to keep an eye on what runs that automation and consistently double-checking the automated processes to ensure they’re still functioning properly. Regardless of whether or not automation is involved, however, Security Orchestration is still overwhelmingly vital.
Staff engagement is also important. Keeping your team engaged in the SOC from the outset of training all the way through the career path and ensuring they see the importance of it can help secure its place in your system. But it is also important to go outside of your security team and ensure the rest of the company also has an awareness and understanding of what the SOC does and why it is important.