Teams in Security Operations Centers (SOC) increasingly need to balance their attention across vast amounts of information from multiple sources. But while the challenges of situational intelligence and effective incident management and response are becoming more complex, they are certainly not new. Herbert A. Simon had observed the simple but intrinsic connection between information and attention half a century ago:
“… A wealth of information creates a poverty of attention and a need to allocate that attention efficiently among the overabundance of information sources that might consume it.” (1971, Herbert A. Simon – 1975 Turing Award winner, 1978 Nobel Prize winner)
Today, we are constantly connected and suffer from FOMO – the fear of missing out. Keeping up with the infinite flow of information and constant notifications from so many devices continually distracts us from what really matters most.
Now, imagine how this deluge of information challenges the way we prioritize our attention.
(Yes, I can throw some stats here, but does it matter? Our attention span is already so short you will forget it by the end of this post 😉)
WANTED! – only critical information for situational awareness
Imagine a jet fighter pilot who is confronted with too many lights and bleeps during a mission. How many of those are truly necessary for the successful completion of the mission? Do those notifications provide meaningful contextual information? Or are they just noise?
The reality is much of it is noise.
To minimize the noise and ensure success, jet fighter designers work closely with pilots to ensure that only relevant-to-the-moment information is presented to the pilot. This helps the pilot maintain focus on the situation and the mission.
Information overflow – a modern Security Operations Center challenge
An organization’s Security Operation Center (SOC) faces similar challenges. There is simply too much noise.
Like the fighter jet, the SOC is critical to your operation. It is also flooded by enormous amounts of information from numerous systems, sensors, and devices. While that should provide operators with deep awareness, it actually overwhelms resources and increases the risk of missing serious threats.
Exactly like the jet fighter pilot, the ability of the operator to distill only relevant-to-the-moment information may reflect on the entire business’ ability to focus on the situation and deal with threats that put people, assets and intellectual property at risk.
How can you deal with the deluge of information stealing attention in your Security Operations Center?
If you search, you will surely find many techniques you can adopt to reduce abundant information distractions in your day-to-day life. Personally, I reduced the number of visual and audio notifications on my compute and mobile to the bare minimum. I receive no incoming mail notifications on my computer and set my devices to DND at night. But what can an operator in a SOC do to deal with the noise? She cannot ignore every screen, alert and notification. Critical information may be overlooked.
This is exactly the problem our solutions are designed to solve.
We help security teams unlock the power of data trapped in security systems while minimizing the noise, so they can focus on the most critical events.
With our Symphia™ portfolio of solutions, you can connect virtually any system or device to our open and scalable platform – regardless of manufacturer or function. You can connect everything from video cameras and access controls to motion sensors and door alarms. We’ve even connected unique systems like radar and refrigeration units.
Once connected, our solutions collect, corelate and analyze data at scale to produce and deliver centralized, contextual insights so you can focus your attention on identifying threats and reducing risk. With real-time situational awareness, you can make more confident decisions in the moment and take effective action based upon your standard procedures.
Couple that insight with our Symphia NowForce solution, and relevant-to-the-moment information can be delivered to field operators for critical event management. You can now connect operators, responders and citizens in real time for fast incident response, management, and investigations.
Find the information-attention balance for your Security Operations Center
Have no doubt, the volume of data and information is sure to grow for individuals and businesses. While individuals can turn off the noise to maintain flexible information-attention balance, mission critical personnel must carefully balance between information and attention to maintain business operations.
By reducing the noise and capturing the information that matters, you can focus your attention on the mission and avoid the potential of legal, regulatory, financial, and reputational damage.
To learn more about how Cognyte can help your organization balance between information and attention, and how can you take your SOC to the next level, I invite you to read all about it in the Cognyte Situational Intelligence Solutions page, or contact us.