Cybercriminals have more tools than ever to disrupt business operations, steal data for ransom, and manipulate employees into exposing sensitive information. Generative AI (GenAI) is taking those capabilities to new levels by enhancing phishing attacks and enabling audio and video deepfakes.
Security professionals are also facing new pressures from chief executives and corporate boards who increasingly understand the legal, financial, and reputational risks cyber threats pose to businesses.
To find out how these and other developments are shaping the day-to-day experience of cybersecurity professionals worldwide, Trend conducted its inaugural Risk to Resilience World Tour Survey. We surveyed more than 750 cybersecurity professionals in 49 countries, with a focus on four key roles:
- Chief information security officer (CISO)
- Security operations center (SOC) team
- IT operations staff
- Cloud security engineers
This blog explores our findings from SOC team respondents. Check out the full report, The Defenders, to read about the other roles.
SOC around the clock
SOC teams are on the front line of enterprise cybersecurity. Often stretched thin, overwhelmed with alerts, and on duty 24/7, they need integrated solutions to enable effective security operations and full attack surface management.
Too much information
SOC team respondents to the Risk to Resilience World Tour Survey echoed CISOs in citing insufficient team resources as a main challenge. 32% put team size, resources, skills and training gaps at the top of their list. Alert volume and fatigue ranked second at 17%. The two are arguably connected, as under-resourced teams have difficulty keeping up.
To find relief, SOC teams need to break down data silos, better prioritize threats and incidents, catch threats they’re currently missing, and cut out the noise of false positives. Integrating toolsets and telemetry into a single platform with a unified view of the full environment is the goal, with AI-assisted correlation, triage, and analysis to automate and speed up time to action.
Looking to the next generation
When asked what cybersecurity technologies they were most interested in exploring over the coming year, SOC respondents' top picks were AI and zero-trust architectures. Identity management rounded out the top three, with privileged access and identity management (PAM and PIM) mentioned specifically.
Endpoint detection and response (EDR) and network detection and response (NDR) can be combined through either a native XDR strategy or an integrated next-generation security information and event management (NGSIEM) strategy to meet SOC needs. SOC teams can consolidate with the Trend Vision One™ platform to achieve the best possible integration and manageability.
Teaming up to mitigate risks
Because threats never sleep, SOC teams need to keep an eye on the enterprise environment 24/7. While 27% do this with rotating schedules and another 25% maintain on-call systems, the largest percentage of respondents (33%) rely on managed detection and response (MDR) or managed security service provider (MSSP) offerings. For small companies, MDR and MSSP services can fill critical capacity gaps. In larger organizations, they provide added expert support, follow-the-sun coverage, and peace of mind.
The paths to managing cyber risk are converging
CISOs and security teams battle with resource constraints. IT operations seek greater integration. Cloud security engineers strive for expanded visibility. All of these needs can be addressed with the AI-powered automation, contextualized data, and integration of a platform-based approach to cybersecurity.
Consolidating security within a single platform that can integrate third-party toolsets gives security leaders what they need with more flexibility, greater efficiency, minimized sprawl, and reduced total cost of ownership.
This approach meets security teams where they’re at and respects the investments organizations have made to date, while transforming working models to drive strong user experience and security outcomes. Rich telemetry is more readily available, empowering teams to make more proactive and effective risk remediation decisions.
Trend Vision One delivers the benefits of a platform approach with comprehensive protection, prevention, detection, and response capabilities—all powered by AI and leading threat research and intelligence. It supports diverse hybrid IT environments, automates and orchestrates workflows, and delivers expert cybersecurity services to simplify and converge security operations holistically—all while measuring and communicating overall risk management and performance to stakeholders.