What's frustrating security analysts on a daily basis? When we asked that question in our recently published 'Voice of the SOC Analyst' survey, the number one answer was "spending time on manual work" like reporting, monitoring, and detection.
Why would that frustrate them? Manual tasks are repetitive, mundane, and tedious, and force analysts to spend most of their day or week chasing down answers or following up on alerts, only to do it again the next day. We also uncovered that the top tasks analysts are spending the most time on every day — reporting, monitoring, and detection — are the tasks they like the least. It's frustrating because they're not able to do what they really should be doing: analysis.
Manual work has long been part of an analyst's job. But why should they continue to do these manual tasks when they could automate those tasks, freeing them up to do more strategic and high-impact work that they want to do — and that their organizations would benefit from?
At Tines, we're dedicated to empowering security teams with no-code automation. Here are seven tasks analysts would automate today if they had the tools.
Top seven tasks security analysts think should be automated
If analysts had access to tools to automate specific tasks tomorrow, which tasks would they choose to automate first?
Risk assessments (24.8%): Analysts spend so much time assessing risks as they crop up that this is the first task they would automate. Detection, monitoring, and evaluating risk don't need a human involved initially, and assessment can be automated so that analysts only get pulled in to apply their judgment when higher-risk threats are detected.
Intelligence analysis (19.2%): Similarly, analysts spend so much time interrogating threats that intelligence analysis is another task they would automate. Automating this task would allow alerts to arrive with richer, more actionable context so that an analyst can respond faster — instead of having to track down the information themselves.
Threat hunting (12%): While human judgment is still involved in threat response, analysts see that parts of the threat hunting process could be automated, eliminating the need for manual efforts to search out hacker threats or IOCs.
Email phishing response (8.6%): Next, analysts would automate email phishing responses, which often require threat evaluation, communication follow-up, and remediation that could be entirely automated.
Advanced triage (8.3%): Considering that most respondents to our survey were Level 2 or 3 analysts, they want not just initial triage but advanced triage to be automated, which would let them step in when human decision-making is required.
Attack surface management (7.9%): Analysts also want attack surface management to be automated so that they don't have to spend their time monitoring their infrastructure for issues — which is one of the tasks they said took up most of their day.
Vulnerability management (6%): Similarly, analysts don't want to spend their day monitoring for vulnerabilities — they want to automate those tasks and be looped in when their specialist skills and knowledge are necessary.
Automating for improved impact
What tasks would your team automate? What are some things your team could do with that extra time? SOC leaders need to look for ways to help their teams do their best work. By giving your analysts the ability to automate their mundane and tedious tasks, you'll increase their success, engagement, and enjoyment in what they do.