Building The Future Of Smarter Security Operations

Forbes

20-05-2025

Security teams are overwhelmed, but a smarter, unified approach—powered by AI and streamlined ... More workflows—could finally bring order to the chaos inside the SOC.
Security Operations Centers are meant to be the command hubs of cybersecurity. But many are bogged down by tool sprawl, false alerts and burned-out teams. Splunk's State of Security 2025 report shows that security teams are spending more time maintaining tools than stopping threats—and it's costing them.
I sat down with Michael Fanning, CISO at Splunk, to talk about what insights the reports revealed for him. He summed it up clearly: 'The future SOC is extremely streamlined. Analysts will be freed from mundane, repetitive tasks, so they can apply their expertise where it truly matters: defending the organization.'
SOCs today face a flood of alerts. About 59% of respondents say they get too many, and 55% are dealing with too many false positives. That slows down response times and wears down teams. Nearly half of security professionals say they spend more time managing tools than actually protecting systems.
Fanning noted that this isn't just inefficient—it's demoralizing. Spending an hour on a low-value alert that turns out to be nothing is frustrating, and it adds up fast. Downtime during an incident can cost over $500,000 per hour.
AI is already making a difference in the SOC. About 59% of security leaders say it has improved their team's efficiency. Fanning was surprised by how many teams have already started using it. 'Greater than 50% of the respondents had mentioned that their security operations are already adopting AI in some form or fashion.'
But AI is not a fix-all. It still needs oversight. Only 11% of respondents fully trust AI for mission-critical decisions. Most prefer a 'human-in-the-loop' approach. That means AI helps with repetitive tasks, but people still make the final call.
Fanning put it this way: 'I don't see it as a complete replacement, but more of an aid to help an engineer or an analyst do their job faster than they were before.'
Detection engineering is a top skill for modern security teams—but also one of the hardest to find. About 41% of teams say they lack it. Detection as Code is catching on because it lets teams create, test and improve detections like software. But only a third of organizations are using it regularly.
Fanning stressed that quality detection is key. With good data and smart rules, analysts waste less time and respond faster. Better alerts mean better decisions.
Overwork is a serious problem. More than half of SOCs report staff burnout. Many professionals have even thought about leaving the field.
Some automation can help—but it also raises new questions. If AI handles the basics, how will new analysts learn the fundamentals? Fanning pointed out that his early help desk experience gave him the skills to succeed in cybersecurity. If junior staff skip that step, they may lack the deeper knowledge needed to solve complex problems.
Splunk's own SOC has automated many tier-one tasks. But instead of cutting jobs, they use the freed-up time for higher-priority work. It's about shifting focus, not shrinking teams.
One major problem is tool sprawl. Seventy-eight percent of respondents say their tools don't work well together. That makes fast response harder. When teams adopt a unified platform, they report better results—faster response times, less tool upkeep and stronger coverage.
Security is no longer just a job for the SOC. It takes support from across the company—from HR and IT to legal and engineering. But only a small number of teams always share data across these departments. Fanning says that building those connections is crucial for quicker, more accurate responses.
The future of the SOC is about using people, processes and platforms in a smarter way. That means making thoughtful use of AI, improving detection methods, closing skill gaps and unifying security workflows.
The threats are faster, and the stakes are higher. But the Splunk report suggests that with the right strategy, SOCs can keep up—and even get ahead.