The Need for Connected Security Operations Amid Rising Cyber Threats and Challenges
On May 20, 2025, Splunk, a prominent leader in cybersecurity and observability, released its latest report, the "State of Security 2025," which sheds light on escalating challenges within Security Operations Centers (SOCs). The study identifies pressing issues that compromise organizational security, revealing that a staggering 46% of respondents spend more time on tool maintenance than on actual security defense. Compounding this dilemma is the finding that only 11% fully trust artificial intelligence (AI) for critical tasks.
Emerging Threats and the Importance of Preparedness
The report underscores that nearly 66% of organizations experienced a data breach over the past year, marking a rapid increase in security incidents. As organizations face not just traditional security threats but new, AI-driven attacks, the necessity for robust security systems is more critical than ever. Michael Fanning, Splunk’s Chief Information Security Officer (CISO), emphasized that while AI enhances threat detection, it cannot replace human oversight in cybersecurity operations.
Fanning articulated the delicate balance of integrating AI technology to improve human capabilities rather than allowing it to take control of SOC processes. This sentiment was echoed by Nate Lesser, CISO at Children’s National Hospital, who highlighted the pressures that security teams face due to growing workloads, alert fatigue, and a shortage of trained personnel. Lesser argued that embracing AI and automation is vital in overcoming these operational hurdles.
Operational Inefficiencies and Their Impacts
The findings expose the significant inefficiencies that hinder SOC effectiveness, with 59% of respondents identifying tool maintenance as the primary bottleneck. A fragmented security tool environment compounds these issues. A notable 78% of security leaders reported that their systems are disconnected, creating moderate to significant challenges, especially when quick responses to incidents are required.
SOC teams face additional burdens such as excessive alert notifications, as 59% of respondents indicated encountering too many alerts while 55% find themselves addressing numerous false positives. These complications drain time and resources, ultimately affecting the speed at which analysts can address potential threats.
Faced with High Stress and Understaffing
The pressures do not end with operational inefficiencies: SOC analysts are feeling the stress of high workloads, leading to severe burnout. According to the report, 52% of analysts feel overworked, while an equal percentage considered leaving the cybersecurity field due to stress and unrealistic expectations from their superiors. Finding and retaining personnel is now a growing concern for organizations as they grapple with evolving threats.
AI's Role in Enhancing Security Operations
Despite these challenges, the report indicates that organizations are increasingly leveraging AI to optimize their operations. A notable 59% of organizations reported moderate to significant efficiency boosts due to AI integration. Additionally, this year, over half (56%) prioritized employing AI in security workflows, while one-third aim to fill skill gaps with AI solutions.
Remarkably, 63% of respondents believe that domain-specific AI could significantly improve security operations compared to publicly available tools. Importantly, organizations are keeping personnel in the cybersecurity loop to ensure that AI-enhanced processes yield reliable outcomes. The top three tasks where GenAI proves beneficial within SOCs include threat intelligence analysis (33%), querying security data (31%), and writing or editing security policies (29%).
Unified Approach to Security Operations
The report advocates for a unified approach to security operations, suggesting that reducing tool maintenance represents just the beginning of operational improvements. Those who engage in a collaborative security and observability paradigm experience enhanced investigations with quicker event detection and remediation. Notably, 78% of organizations that share information between teams noted faster incident detection, while 66% reported significant improvements in remediation times.
In conclusion, Splunk's "State of Security 2025" report elucidates the various challenges facing modern cybersecurity operations and the importance of adopting a connected and integrated approach. With threats continually evolving, organizations must embrace the dual forces of technology and human expertise to build a resilient defense against cyber incidents. For further insights, the full report can be accessed here.