Understanding and Improving the SOC Analyst ExperienceForrester Researchers on Using AX to Improve the SOC and Security Analyst Workflow
Forrester analysts Allie Mellen and Jeff Pollard discuss their new research on the analyst experience, or AX. AX involves how security analysts perceive their interactions with security products, services and processes, and Mellen and Pollard say it can improve the SOC and security analyst workflow.
The challenge is that security tools are not built with the human analyst in mind, Mellen says. "How does this work for the analyst? How is the analyst affected by this? What does this mean for them? That's what's really important here, and that's what's really missing here," she says.
Pollard says that the concept of a "journey map" exists in the worlds of user experience and customer experience, but not for cybersecurity. "The journey maps and the data that we collected really dive into the plight of the SOC analyst and how they are so let down by the tools and technologies they work with."
The two analysts say that through understanding and focusing on AX, security professionals can find more effective security tools, build better workflows and help security analysts make faster, more accurate decisions.
In a video interview with Information Security Media Group, Mellen and Pollard discuss:
- Forrester's definition of AX and its current state in cybersecurity;
- How the rise in automated tools affects AX;
- How security teams can make AX a key building block of detection and response strategies.
Mellen is a Forrester analyst supporting security and risk professionals. She covers all aspects of security infrastructure and operations - the people, processes and tools of the SOC - including security analysts; security information and event management; security user behavior analytics; security analytics; security orchestration, automation and response; endpoint detection and response; extended detection and response; and SOC metrics. Her research focuses on where analytics, detection, automation and response are headed in the security industry.
Pollard primarily contributes to Forrester's offerings for security and risk professionals. He leads Forrester’s research on the role of the CISO, specializing in topics related to security strategy, budgets, metrics, business cases and presenting to the board. His research also includes security services, featuring global coverage of managed security services, professional security services and security as a service. He also takes an active role in Forrester’s forward-looking research on security innovation, the security market and security predictions.