In detection and response, everything starts with the Security Operations Center (SOC). It serves as a launching point for many cybersecurity careers, where security analysts begin as apprentices. Companies rely on security analysts to identify, classify, investigate, and respond to threats. According to our 2021 State of Enterprise Breach Report, 63% of companies surveyed experienced a breach in the last 12 months, and recovering from a breach takes an average of 37 days and $2.4 million. The numbers prove that the SOC is important.
Yet security analysts consider themselves badly equipped given how critical the work they perform is. When SOC analysts sit in their (swivel) chairs for 8- to 12-hour shifts, their battle begins before they ever see adversary activity: with the technology and processes they have to use. These include siloed data, poor integration, poorly integrated user interfaces from multiple acquisitions masquerading as platforms, and “expert systems” that are both difficult to use and hard to master.
That background has helped us identify a new, and necessary, trend in security products and services that focuses on improving the SOC overall and the security analyst workflow: Analyst Experience (AX).
Forrester defines analyst experience:
Security analysts’ perception of their interactions with a specific security product, service, and process across different workstreams.
AX builds on a long history of user experience (UX), customer experience (CX), and employee experience (EX). The rise of developer experience (DX) provides a frame of reference for a practitioner-based experience framework, serving as a blueprint for AX.
AX dares to challenge the status quo with questions such as: What if the portal’s landing page mattered for more than the salesperson’s demonstration, rather than just serving as a starting point for sales engineers? Five components make up AX: discovery, exploration, classification, determination, and execution.
CX professionals create journey maps to understand the “reality of customers”. AX applies journey mapping to help security analysts understand their own lived reality. Each component applies to the journey of a security analyst when working on an event. This workflow exists for the two primary functions of security analysts, detection and response, but is not limited to them. These functions include alerting, investigating incidents, confirming severity, hunting threats, and initiating response.
AX in the SOC tech stack: Endpoint Detection and Response (EDR) and Security Orchestration, Automation and Response (SOAR) are the areas where adoption has begun. The advent of Extended Detection and Response (XDR) and Managed Detection and Response (MDR) foreshadows the effects of AX. And as we noted in our “Security Services Flywheel” blog, every product eventually turns into a service, so we expect to see AX there as well.
Our upcoming threat research will demonstrate how AX can be incorporated into additional detection and response tasks.
To learn more about AX, see the full report: Analyst Experience (AX): Security Analysts Finally Escape The Shackles Of Bad UX.