Humans Are Dynamic - Our Tools Should Be Too

Security Operation Centers (SOCs) are being operated by universities, government agencies, and corporations to defend their enterprise networks and identify and thwart malicious behaviors in both networks and hosts. The success of a SOC depends on combining good tools and processes with efficient and effective analysts. During four years of anthropological fieldwork methods to study SOCs, the authors discovered that successful SOC innovations must resolve multiple internal and external conflicts to be effective and efficient. This discovery, guided by activity theory (AT) as a framework for analyzing the fieldwork data, enabled them understand these realities. Their research indicates conflict resolution is a prerequisite for continuous improvement of SOCs in both human and technological aspects. Failure to do so can lead to adverse effects, such as analyst burnout and reduction in overall effectiveness.