At ByteLife, our strategy centers on listening to our customers and delivering solutions that offer high value and address real needs. Since 2023, our cyber portfolio has included top-tier solutions such as Vectra AI and Obrela SOC, alongside LogStack (a cornerstone of our offerings for over five years, providing robust log management and SIEM capabilities).
For the past five years, we’ve discussed the importance of log management across various domains—from cybersecurity and IT operations to HR, internal affairs, and software development. Today, we are taking the next step forward: SIEM.
With Vectra AI, we offer an intelligent log source that enhances visibility and transparency in security by identifying anomalies, advanced persistent threats (APTs), and much more.
The final step in this evolution is the integration of SOC and MRC through Obrela.
At ByteLife, we are committed to supporting you every step of the way, ensuring that you derive maximum value from your investment. We understand how these systems work and are here to make sure they work for you.
Here is an interesting read from Vectra, “Do SOC Professionals Know They’re Spending Almost Two Hours a Day Investigating False Positives?”. It is worth reading and discussing.
Vectra AI surveyed 119 SOC professionals to find out how they spend their day-to-day.
As organizations grow bigger and their environments expand to a mixture of on-premises and cloud, the day-to-day of a SOC professional becomes more complex. To understand how SOC professionals are spending their time each day, we surveyed over 100 professionals – and found that SOC professionals are spending an overwhelming amount of time and talent on parts of their jobs that can be outsourced and automated.
Top 5 tasks SOC professionals perform daily
SOC professionals do many things within their day, but in this survey, we narrowed it down to 5 main tasks:
- Configuring security posture, including identifying threats, building alerts, and triaging filters
- Tuning rules
- Managing alerts
- Investigating false positives
- Creating reports
Obviously, the day-to-day of each SOC professional can look very different depending on their assigned responsibilities and specific roles; however, for simplicity’s sake, we focused on these 5 tasks for our survey.
SOC Professionals’ 10-Hour Workday: Key Insights
Did you catch that?
SOC professionals are most likely working 10 hours a day, if not more. We came to this conclusion because the survey results suggest that SOC professionals spend, on average, over 8 hours a day on the 5 security tasks we outlined: specifically, 8.7 hours a day within a 5-person SOC team. Compared with the typical 8-hour workday of an average corporate employee in the US, SOC professionals are already working nearly an hour more than the typical workday, and that is only on the 5 SOC tasks outlined. It does not cover administrative tasks, meetings, and other security-related projects.
And lunch.
SOC professionals spend most of their workday managing alerts, an average of 2.56 hours per day. This makes sense, as the bulk of their job involves securing their organizations from incoming threats. The surprising point is the next most time-consuming task: investigating false positives, which takes up 1.83 hours per day on average. That is nearly 2 hours a day spent looking at alerts that turn out not to be threats at all. Those almost 2 hours could have been dedicated to strengthening security elsewhere in the organization, achieving certifications for business-critical security processes, or even a long, well-deserved lunch break.
Offload, optimize, and automate SOC work with Vectra AI
What we take from this survey is that the current day-to-day of SOC professionals does not need to be this way.
This is where the Vectra AI Platform, with its AI-driven integrated signal and seasoned MXDR experts, can help today’s SOC professionals offload the hours and talent they spend on managing alerts, configuring policies, and investigating false positives. With Vectra MXDR and the Vectra AI Platform, SOC professionals can get coverage, clarity, and control over their security programs without sacrificing more time and talent, opening opportunities for them to defend their organization from real threats, build their careers, and mentor other analysts.
What is discussed in this blog is just a brief snapshot of the day-to-day of the SOC professionals we surveyed. To dive deeper into the insights we gathered from this survey and see how much time SOC professionals can optimize and automate, please view our latest eBook.
ABOUT VECTRA AI
Vectra® is the leader in Security AI-driven hybrid cloud threat detection and response. The Vectra platform and services cover public cloud, SaaS applications, identity systems and network infrastructure – both on-premises and cloud-based. Organizations worldwide rely on the Vectra platform and services for resilience to ransomware, supply chain compromise, identity takeovers, and other cyberattacks impacting their organization.
ABOUT OBRELA
Obrela delivers real-time, risk-aligned cybersecurity that provides an umbrella of defense over every aspect of your business. We focus on risk rather than threats, bringing a business perspective to cyber defense and making security scalable, no matter how much your business grows.
With SWORDFISH®, a risk management and managed threat detection and response platform, we deliver predictability over uncertainty, allowing you to orchestrate and control all aspects of cybersecurity. By centralizing security data, we deliver visibility over your entire digital universe. At Obrela, we do more than create better cybersecurity. We create cyber resilience to defend every person, asset and goal your business has. Obrela. Security Over Everything.
ABOUT LOGSTACK
LogStack is a central log management and SIEM service from ByteLife that includes software installation, configuration and administration.
LogStack has been built upon the idea that customers pay for knowledge and experience.
As part of the LogStack service, we install the necessary software packages (for central log management) on the client’s server, configure them to work in the client’s environment, and ensure the ongoing management and maintenance of the solution. The LogStack service is suitable for use on the client’s virtual or physical servers, on-prem or in the cloud. Since the solution is mainly based on software distributed under free licenses, it does not come with the “golden handcuffs” and costs related to licenses and future maintenance.
LogStack provides significant added value from a cyber, IT, and data protection perspective (including applications, development, and other daily IT management). LogStack also helps with ISO or E-ITS standards compliance.