Splunk articulated a vision of security analytics/operations for 2020 that included 10 areas:
Data ingestion. Collecting and processing a growing body of security telemetry.
Detection. Finding and blocking known threats.
Prediction. Using advanced analytics to identify new attacks and then spreading the warning around to all connected customers.
Automation. Automate all pedestrian tasks and accelerate more complex tasks.
Orchestration. Use APIs to connect security controls together for investigations and remediation actions.
Recommendation. Monitor and record security operations and then recommend proven actions to the SOC team.
Investigation. Provide intuitive tools to figure out what cyber-attacks are happening and why they are happening.
Collaboration. Offer a workbench for security operations while connecting to collaboration tools like Slack.
Case management. Deliver a security-centric tracking system that spans security incident management lifecycles.
Reporting. Providing a central place to measure all aspects of reporting.
I would add integration (i.e. SOAPA functionality for data management services, software services, etc.) and outsourcing (i.e. choosing which security operations tasks to delegate to partners), but Splunk’s list is pretty complete.