Mitigating the risk as SOC alert analyst and incident responder
Oguntoyinbo, Mayowa (2025)
The permanent address of the publication is
https://urn.fi/URN:NBN:fi:amk-2025060420120
Abstract
The purpose of this thesis is to look at the key roles and challenges that Tier-1 Security Operations Center (SOC) alert analysts and incident responders deal with when managing cybersecurity risks.
The main goal was to pinpoint their duties, evaluate the risks they face, and suggest ways to make SOCs work more effectively. The research took a practical approach, drawing on literature reviews, industry reports, and case studies to examine risks such as alert fatigue, sophisticated threats, skill shortages, and poor tool integration.
The data reviewed shows that 50-72% of alerts are false positives, which contributes to analyst burnout. At the same time, advanced threats and zero-day exploits make response harder. Suggested solutions include using AI to prioritize alerts, standardizing incident response procedures, and providing ongoing training to address the worldwide shortage of about 4.8 million cybersecurity professionals.
These findings offer practical guidance for organizations to strengthen their SOCs, reduce response times, and improve cybersecurity readiness, which can help lessen the financial and reputational impact of cyber threats.