Improve your SOC: SOAR or Threat Hunting or both?

Evaluating SOC operations to define the role of SOAR and Threat Hunting.

Table of Contents
  • 1. Current SOC working model
  • 2. Improve your SOC with SOAR
  • 3. SANS 6-step IR model ≠ SANS 6-step IR model
  • 4. Improve your SOC with Threat Hunting methodology
  • 5. Conclusion

Author: Rukhsar Khan

Abstract:

Given the sophistication and constant change of the threat landscape in cyberspace, many mature organizations have recognized the need to improve the detection, analysis and response capabilities of their Security Operations Center (SOC). Today, security analysts are often occupied with trivial copy-paste work and other tedious low-level tasks instead of building a deep understanding of the modus operandi of the threat actors relevant to their organization and preparing it to defend against the risk they pose.

Before we can answer the question of whether a Security Orchestration, Automation and Response (SOAR) solution, the introduction of Threat Hunting, or both is the right course to take to improve the SOC, we first need to understand how a SOC currently operates.