
AI in the SOC: Enhancing Efficiency Without Replacing Human Expertise


Blog Article Published: 02/20/2024

Originally published by Abnormal Security.

Written by Mick Leach.


The quickened pace of AI development and release of tools like ChatGPT mark a fundamental shift in the AI conversation—moving from “what could happen” to “what will happen.”

One topic that gets a significant amount of attention is whether AI will start replacing humans in so-called “knowledge worker” jobs—those roles that require some specialized knowledge, whether an architect, pharmacist, engineer, or even a cybersecurity practitioner.

Of course, that last role is the one I intend to focus on in this article, but many of these same points on why AI will not entirely replace the need for humans in cybersecurity can be repurposed to reassure your neighborhood pharmacist.

AI will enable cybersecurity professionals to work more efficiently. It will automate time-consuming manual tasks that are often critical but mundane chores—something like sifting through user-reported emails. You need to get through them to determine whether real threats are present, but that time spent on manual analysis could be better spent investigating higher-fidelity alerts or threat hunting.


How AI Enhances Cybersecurity Effectiveness and Levels the Skill Playing Field

Unfortunately, some cybersecurity jobs may not be immune to this AI renaissance. In fact, Rohit Ghai, CEO of RSA, noted just that at the 2023 RSA Conference. But Rohit was hopeful that AI and humans could co-exist. The Jevons Paradox points to this outcome, indicating that coexistence will become a flourishing AI-enabled security practice.

But what is the Jevons Paradox? Help Net Security highlights this economic paradox as a potential indicator for future growth in cybersecurity roles. The paradox occurs when technological advances increase the efficiency with which a resource is used, lowering the cost of that resource and increasing demand for it. Help Net Security uses the advent of ATMs in the 1970s as an example parallel to the potential effects of AI. When the ATM was introduced, it was assumed that bank branches would close and branch staff would decrease. However, branch openings increased by 40+%, and while the staff per branch decreased slightly, overall bank staff followed the uptrend.

Relating this to cybersecurity, AI may shrink the number of manual tasks that can be automated, which could lead to certain types of security jobs being eliminated or transformed. But by increasing overall efficiency (whether for investigations, initial threat detection, or response), there will be demand for more security professionals as teams now have a greater capacity to combat threats.


Demand for Skilled Cybersecurity Professionals Continues to Rise

This is not simply opinion or based on esoteric economic concepts. The US Bureau of Labor Statistics predicts the cybersecurity field will grow by 32% through 2032, noting that this is “much faster than average.” Demand for skilled cybersecurity professionals shows no signs of slowing, and AI app security provider Mobb’s CEO Eitan Worcel notes AI will not only support this new wave of security workers but ideally shrink the yawning skills gap. “It’s not about replacing humans; it’s about enhancing human capabilities with the power of machines.”

While AI can automate the correlation of data events, and even triage those events by making decisions based on past information to determine whether those events are anomalous, we’ll still need humans to make the cognitive leaps that are required to fully analyze anomalous activity.

Instead of an under-resourced security team drowning in hundreds of alerts, unable to tell a false positive from a legitimate threat, AI will reduce and refine the noise. This allows security teams to grow without the need for intensive upskilling, with better on-the-job training and less burnout.
