The more issues that need to be monitored, the more data, people, technology and operations are required. The sheer number of alerts, and the work required to handle them, causes many security operations to stall.

Automation offers the opportunity to solve some of these challenges, but it isn’t a cure-all by itself. Organisations can’t simply “deploy automation” in their security operations centres (SOCs) and solve the scale problem. As new threats evolve and technologies emerge, the requirements for manual intervention will change, but they will never be completely removed.

Achieving complete automation is impossible because it would require flawless accuracy, which is unobtainable. The fast pace of change means that by the time teams have managed to automate something, 10 new problems will have arisen. The notion that the human contribution to SOC responsibilities can be replaced entirely isn’t realistic.

Using AI along with automation within the SOC is inevitable, as the vast amounts of log data, complex investigative methods, difficult-to-spot patterns and wide-ranging skills requirements continue to get harder to manage.

While AI and automation are unlikely to deliver full autonomy, they will create much-needed scalability, particularly to augment roles within the SOC, and to adapt to future requirements without necessitating significant overhauls.