AI in the SOC: Enhancing Efficiency Without Replacing Human Expertise

Discover how AI is revolutionizing Security Operations Centers (SOCs) by enhancing efficiency and effectiveness while preserving the invaluable expertise of human analysts.
November 2, 2023

The quickened pace of AI development and release of tools like ChatGPT mark a fundamental shift in the AI conversation—moving from “what could happen” to “what will happen.”

One topic that gets a significant amount of attention is whether AI will start replacing humans in so-called “knowledge worker” jobs—those roles that require some specialized knowledge, whether an architect, pharmacist, engineer, or even a cybersecurity practitioner.

Of course, that last role is the one I intend to focus on in this article, but many of these same points on why AI will not entirely replace the need for humans in cybersecurity can be repurposed to reassure your neighborhood pharmacist.

AI will enable cybersecurity professionals to work more efficiently. It will automate time-consuming manual tasks that are often a critical, but mundane chore—something like sifting through user-reported emails. You need to get through them to determine whether real threats are present, but that time spent on manual analysis could be better spent investigating higher fidelity alerts or threat hunting.

How AI Enhances Cybersecurity Effectiveness and Levels the Skill Playing Field

Unfortunately, some cybersecurity jobs may not be immune to this AI renaissance. In fact, Rohit Ghai, CEO of RSA, noted just that at the 2023 RSA Conference. But Rohit was hopeful that AI and humans could co-exist. The Jevons Paradox points to this outcome, indicating that coexistence will become a flourishing AI-enabled security practice.

But what is the Jevons Paradox? Help Net Security highlights this economic paradox as a potential indicator for future growth in cybersecurity roles. The paradox occurs when technological advances increase resource efficiency, lowering the cost of that resource and increasing demand. Help Net Security uses the advent of ATMs in the 1970s as an example parallel to the potential effects of AI. When the ATM was introduced, it was assumed that bank branches would close and branch staff would decrease. However, branch openings increased by 40+%, and while the staff per branch decreased slightly, overall bank staff followed the uptrend.

Relating this to cybersecurity, AI may shrink the number of manual tasks by automating them, which could lead to certain types of security jobs being eliminated or transformed. But by increasing overall efficiency (whether for investigations, initial threat detection, or response), it will create demand for more security professionals, as teams now have a greater capacity to combat threats.

Demand for Skilled Cybersecurity Professionals Continues to Rise

This is not simply opinion or based on esoteric economic concepts. The US Bureau of Labor Statistics predicts the cybersecurity field will grow by 32% through 2032, noting that this is “much faster than average.” Demand for skilled cybersecurity professionals shows no signs of slowing, and AI app security provider Mobb’s CEO Eitan Worcel notes AI will not only support this new wave of security workers but ideally shrink the yawning skills gap. “It’s not about replacing humans; it’s about enhancing human capabilities with the power of machines.”

While AI can automate the correlation of data events, and even triage those events by making decisions based on past information to determine whether those events are anomalous, we’ll still need humans to make the cognitive leaps that are required to fully analyze anomalous activity.

Instead of an under-resourced security team drowning in hundreds of alerts, unable to tell a false positive from a legitimate threat, AI will reduce and refine the noise. This allows security teams to grow without the need for intensive upskilling, with better on-the-job training and less burnout.

Abnormal Builds Good AI and Good UI to Help Practitioners Succeed

Abnormal is an AI-native cloud email security solution that was providing automated detection and remediation long before the current AI frenzy. And in the time Abnormal has existed, it has become one of the fastest-growing cybersecurity providers and one of the most popular cybersecurity solutions on review sites like G2.

It’s anecdotal, but often those reviews are penned by security pros who do not have -ISO at the end of their title. So, we can say with some confidence that the introduction of email security automation has not led to a sudden elimination of cybersecurity roles across our customer base. In fact, in a recent conversation, one of our customers shared, “I clearly don't want to replace my staff. I use [AI] to enable them to do a better job.”

If anything, Abnormal allows security practitioners to focus on higher-priority tasks, saving security teams 15+ hours per week on average—time that would otherwise be spent investigating email security threats or configuring rules for a legacy gateway. Even Abnormal’s portal UI is architected to be easy to understand by everyone from the CISO down to the SOC intern. Complexity for the sake of complexity gets in the way of efficient investigation. Yes, we all work in technology and often want to feel like we work in technology through custom rule writing and knobs and dials—but AI and good design will make security more accessible, more strategic, and no, it probably won’t take your job.

Interested in learning what Abnormal Security can do for your organization? Request a demo today.
