Moving from reactive to proactive through automation

Published on

Written by Eoin HinchyCo-founder & CEO, Tines

Analysts are being weighed down by mundane, tedious tasks, preventing them from doing their best work, causing burnout, and leading them to the point of wanting to leave their jobs.

SOC analysts' biggest frustration and one of their top challenges is having to spend time on manual tasks, according to our recent report, 'The Voice of the Analyst.' These tasks are not only repetitive, but they're taking them away from more engaging, higher-impact work. This can also lead to burnout — which 71% of analysts are experiencing — and turnover, as 63% of analysts say they are planning on looking for a new job in the next year.

But your analysts don't have to be burned out, frustrated, and spending time on lower-level tasks that aren't engaging their skills or interests. What's the solution? Automation. By giving your analysts the power to automate their workflows, they'll soon remove those tedious, manual tasks from their to-do list, giving them more time to work on projects and initiatives that have a greater impact on their team and their organization's security posture overall.

At Tines, we spend much of our time thinking about a different future for security teams, where analysts are empowered to automate their workflows. Here's a glimpse into what it could look like and the tasks analysts would spend their time on if they could automate their manual work. 

Five ways analysts would spend their time if freed from manual work

If analysts could automate their tasks and repurpose that time for other projects, what would they work on? We asked them (to choose all that applied) and discovered the following:

Updating operational documentation (48.1%): Every SOC needs solid documentation for its processes, and if analysts could automate their manual tasks, they would first spend their time getting their documentation updated. While it's necessary, placing this first also signals that SOC teams are behind on updating their documentation, possibly due to too much focus on manual tasks.

Developing advanced detection rules (44.7%): Instead of spending time reactively monitoring and detecting, analysts would spend time being proactive with their detection approach. They would spend their time creating automations and processes to streamline their work, reduce alerts, and make their detections more precise.

Integrating more systems and logs (41%): Analysts would also spend time improving and streamlining their processes by integrating their systems and logs, giving them more visibility into their environment and keeping their tools up-to-date. This is also important, considering that poor processes are one of the top challenges analysts face.

Research TTPs and focus more on intelligence (39.5%): If they had more time in the day, analysts would also spend it learning more about the tactics, techniques, and procedures (TTPs) of malicious actors to better recognize threats and prevent them before they happen.

Modify detection and alert rules to reduce false-positive rates (35%): Finally, analysts would focus on reducing false positives, which would reduce the noise around the alerts they get so they could focus on the ones that truly require attention.

Automation's Impact

What's the common theme of the above tasks? Proaction. Analysts would automate tasks that keep them in a perpetual reactive mode to turn their efforts and attention to proactively protecting their organization by keeping documentation up-to-date, developing new rules and responses, and staying ahead of malicious actors. By implementing no-code automation today, SOC leaders can turn their team from constantly being on the defensive to operating on the offense.

Want to read the full report?

Voice of the SOC Analyst

Read the report

No-code
automation
for
security teams

Get started