By Jon Oltsik – According to ESG research, 52% of organizations believe that security operations are more difficult today than they were two years ago, due to factors such as the dangerous threat landscape, growing attack surface, and the volume/complexity of security alerts. In analyzing this data, I see a common theme: scale. Security teams must be able to scale operations to deal with the increasing volume of everything coming at them. Faced with a global cybersecurity skills shortage, CISOs need alternatives to hiring their way out of this quagmire.

How can organizations proceed? By automating security operations processes. ESG research reveals that nearly half (46%) of security operations center (SOC) teams are automating security operations processes “extensively,” while another 44% are automating security operations processes “somewhat.”

When it comes to security operations process automation, one might equate this activity with security orchestration, automation, and response (SOAR) technology. In some cases, this is a correct assumption, as 37% of organizations use some type of commercial SOAR tools. Interestingly, more than half (53%) of organizations eschew SOAR, using security operations process automation functionality within other security technologies instead – security information and event management (SIEM), threat intelligence platforms (TIPs), IT operations tools, or extended detection and response (XDR), for example. Those organizations using SOAR admit that it is no day at the beach – 80% agree that using SOAR was more complex and time consuming than they anticipated. Read On: