AI is changing SecOps: What security analysts need to know TechBeacon

The security operations center (SOC) at the University of Texas A&M System serves 11 universities and seven state agencies. But with just seven full-time analysts and a risk-rich environment of 174,000 students and faculty, triaging security events was overwhelming. Security analysts had to look at network flow traffic and logs from disparate systems to determine which security events posed threats that needed investigating. The division of labor was typical: Tier-1 analysts looked at alerts, Tier-2 analysts hunted down likely attacks, and a security engineer dreamed up better ways to make the infrastructure more secure. And even the most knowledgeable analysts took a long time to connect disparate data points to come up with a threat profile.