"Findings from our 2025 SANS SOC Survey reinforce that disconnect. A significant portion of organizations are already experimenting with AI, yet 40 percent of SOCs use AI or ML tools without making them a defined part of operations, and 42 percent rely on AI/ML tools "out of the box" with no customization at all. The result is a familiar pattern."
"AI can realistically improve SOC capability, maturity, process repeatability, as well as staff capacity and satisfaction. It only works when teams narrow the scope of the problem, validate their logic, and treat the output with the same rigor they expect from any engineering effort. The opportunity isn't in creating new categories of work, but in refining the ones that already exist and enabling testing, development, and experimentation for expansion of existing capabilities."
Many SOCs experiment with AI without integrating it into formal operations, leading to inconsistent value and reliability. Survey data show 40 percent of SOCs use AI/ML tools without defining them in operations and 42 percent rely on out-of-the-box tools with no customization. Analysts frequently use AI informally, while leadership lacks models for placement, validation, and workflow suitability. AI can improve capability, maturity, repeatability, staff capacity, and satisfaction when applied to narrowly scoped tasks, validated for logic, and treated with engineering rigor. The highest value comes from refining existing processes, pairing AI with clear review processes, and expanding capabilities through controlled testing.
Read at The Hacker News
Unable to calculate read time
Collection
[
|
...
]