Security analysts believe more than half of tasks could be automated

Security industry leaders believe that AI and automation technologies are critical to addressing the complexities of modern security operations, according to Anomali.

AI expected to boost threat detection

In fact, security analysts maintain that up to 57% of their daily tasks could be automated – while 76% of respondents think that AI technology will deliver faster threat detection and personal productivity gains.

47% of respondents reported that their current security operations centers (SOC) do not provide adequate infrastructure visibility, which is critical for detecting and responding to malicious activities, and 87% would like to see multiple technologies consolidated into a single platform to empower the security analyst workflow.

The fear of failure on single point solutions (61% are concerned) has made tech stack consolidation top of mind for these leaders, who also state that “gone are the days” where security professionals don’t assess the overlap in their tooling. Many pointed out they want to be more concrete about what they are getting and what they can do – a professionalization of their security investments.

“Generative AI holds immense potential for security professionals. It is already unlocking transformative capabilities that materially enhance security operations,” said Christian Karam, former CISO at UBS and current senior advisor to Anomali. “However, this technology also presents a challenge – empowering both defensive and adversarial capabilities. In 2024, security leaders must reevaluate their defense strategies, transitioning to more dynamic and adaptable technologies while also augmenting the capabilities of their security teams.”

CISOs plan to consolidate tools rather than add more complexity

88% of respondents will focus their security investments on cloud security, with 55% focused on AI technology. Reskilling initiatives will be critical to advancing this technology within the SOC, as 32% of respondents do not believe they are properly staffed with necessary skill sets.

CISOs plan to consolidate tools rather than add more complexity. 68% of CISOs surveyed are planning to consolidate the number of vendors/tools they use wherever possible. Meanwhile, only 26% of CISOs plan to add new technology to address security gaps and emerging threats.

87% of respondents would like to see multiple technologies consolidated into a single SOC platform. SOC teams typically use many different tools while juggling several vendor relationships – which is both time consuming and increases architectural complexity. Security CTOs and CISOs both recognize this problem, and overwhelmingly agree that consolidated platform solutions could accelerate time to value, while reducing risk.

“Akin to when robots entered the factory floor, a safe and intelligent Copilot is the critical starting point to IT and Security Operations,” said Ahmed Rubaie, CEO, Anomali. “Automating important tasks avails analysts more time to do advanced threat hunting and premium security analytics, while also giving management a layman assessment of their threat landscape. In tandem, the time has come to consolidate legacy technology stacks in one platform (one security data lake) that attains more visibility and derives more impactful actions to protect and drive organizations.”

The report surveyed 150 senior industry professionals – including CISOs and their management teams.