Gartner, a leading technology research and advisory company, regularly analyzes trends in various IT fields. One of their key reports is the "Hype Cycle," which tracks the maturity and adoption of different technologies over time. In their latest report on IT Service Management (ITSM), Gartner has identified a significant shift in the cybersecurity landscape – the end of an era dominated by SOAR solutions in the Security Operations Center (SOC). [1]
For over a year, SOAR (Security Orchestration, Automation, and Response) tools have languished in the Trough of Disillusionment, a phase where the technology fails to meet expectations and begins to decline in adoption.
In June 2024, Gartner took the final step, marking SOAR as Obsolete. This extinction event signals the need for a new approach that emphasizes human agency, collaboration, and adaptability. Welcome to the Age of Mammals, where SOC success is built on a foundation of human and machine collaboration.
The deficiencies of DinoSOARs
The SOAR tools that once dominated the SOC landscape and are now being driven into obsolescence have shown their limitations:
1. High initial setup and implementation costs: SOAR tools require substantial upfront investments in software and specialized personnel. This high barrier to entry makes them accessible only to organizations with deep pockets, significant resources, and patience.
2. High ongoing maintenance and support costs: once implemented, SOAR tools demand continuous attention and resources to maintain. Frequent updates and troubleshooting of complex automated workflows lead to escalating operational costs, straining even well-resourced SOCs.
3. Requirement for specialized personnel with extensive coding skills: operating SOAR tools effectively requires a team of experts with deep coding and system management skills. This creates a bottleneck, as finding and retaining such talent is both challenging and expensive.
4. Integration and interoperability issues with third-party tools and custom connectors: SOAR solutions struggle with integration, often requiring custom connectors and workarounds to interact with third-party tools. This adds complexity and potential security gaps, further diminishing their effectiveness.
5. Unrealistic expectations: perhaps the most critical flaw is the belief that SOAR could be a silver bullet for all security challenges. This misconception can lead to over-reliance on technology, sidelining the crucial role of human judgment and collaboration in security operations.
The dawn of the age of mammals: human-centric SOC
As the dinoSOAR era comes to an end, it's clear that a new approach is needed—one that centers on human agency and fosters collaboration across all levels of experience and trust.
What are the critical success factors for a SOC that leverages the best strengths of people and automation working together?
Human-centric focus: the new approach prioritizes the role of human analysts, recognizing that while automation is essential, it is human insight that drives effective decision-making. Instead of attempting to replace human judgment, this approach uses technology to support and enhance it, automating routine tasks while leaving critical decisions to skilled professionals.
Collaboration across boundaries: modern cybersecurity challenges require collaboration across various levels of experience, trust, and organizational boundaries. This new approach promotes open communication and teamwork, whether within the SOC or across jurisdictions, job roles, and organizations, up and down the supply chain. Effective cybersecurity today is a team effort, and this approach ensures that all stakeholders can work together seamlessly.
Adaptability and flexibility: unlike pure-play SOAR, this approach is built on flexibility. It allows for the seamless transition between manual effort and the integration of different tools and technologies, adapting to the specific needs of the organization. Whether it’s scaling operations to meet growing demands or adjusting strategies to counter emerging threats, this adaptable approach ensures the SOC remains agile and responsive.
Empowering analysts at all levels: in the Age of Mammals, the SOC isn’t just for elite experts; it’s a place where analysts at all levels can contribute. The new approach emphasizes user-friendly tools and interfaces that empower junior analysts to play an active role in security operations, while also providing experienced professionals with the advanced capabilities they need to address complex challenges.
The future of SOC: embracing a human-centric approach
Humans have been the most successful species on the planet because of their ability to collaborate in large numbers and adapt to their environment. [2]
As we embrace this new approach, the future of the SOC becomes one where human and machine work together in harmony to quickly adapt to new threats.
Technology serves as an enabler, not a replacement for human insight and collaboration. By preserving human agency and enabling teamwork, this approach ensures that SOCs are not only more effective but also more resilient in the face of ever-evolving threats.
The era of dinoSOARs is over, and with it goes the reliance on rigid, high-maintenance tools that failed to live up to their promises. In their place, a new approach has emerged—one that understands the value of human judgment, promotes collaboration across boundaries, and adapts to the unique needs of each organization. Welcome to the Age of Mammals, where a human-centric SOC is not just a possibility, but a necessity for the future.