Cybersecurity operations in 2024: The SOC of the future

January 17, 2024  |  Theresa Lanowitz

This is part two of a three-part series written by AT&T Cybersecurity evangelist Theresa Lanowitz. It’s intended to be future-looking, provocative, and encourage discussion. The author wants to assure you that no generative AI was used in any part of this blog.

Part one: Unusual, thought-provoking predictions for cybersecurity in 2024

Part three: Four cybersecurity trends you should know for 2024

With the democratization of computing comes attack surface expansion. According to Gartner, 91% of businesses are engaged in some form of digital initiative, and 87% of senior business leaders say digitalization is a priority. 89% of all companies have already adopted a digital-first business strategy or are planning to do so.

The more digital the world becomes the greater the attack surface. This is simply a fact. Securing that ever-expanding attack surface is where we will see innovation.

The security operations center (SOC) must modernize to keep pace with the always-on and digital-first world delivered through innovations such as edge computing, AI, and IoT. The SOC of the future will need to expand to address:

Edge computing

Edge computing is happening all around us. Defined by three primary characteristics: software-defined, data-driven, and distributed, edge computing use cases are expanding to deliver business outcomes.

Edge computing is a sea-change in the world of computing.

As edge use cases deliver business value and competitive advantage, the technology changes – networks with lower latency, ephemeral applets, and a digital-first experience, are the requirements for all edge computing use cases.

Edge computing needs to be embraced and managed by the SOC. There are diverse endpoints, new software stacks, and a rapidly changing attack surface that needs to be mapped and understood.

In 2024, expect to see SOC teams, with roles that include security engineer/architect, security analyst, SOC manager, forensics investigator, threat responder, security analyst, and compliance auditor, begin to determine how edge computing needs to be secured. SOCs will explore various management activities, including understanding diverse and intentional endpoints, complete mapping of the attack surface, and ways to manage the fast-paced addition or subtraction of endpoints.

Application security

Without a doubt, we are living in a world built on software. Software is only as secure as the development requirements. Software controls our traditional applications that are still batch-based, sigh, and near-real-time edge interactions. Software is how the world works.

With innovations in computing, software is changing; it is no longer about graphical user interface (GUI) applications that require some keyboard input to produce output. Edge computing is taking software to the next level of sophistication, with non-GUI or headless applets becoming the norm.

While the software bill of materials (SBoM) requirements advance the cause of application security, edge computing and its reliance on functioning, performant, and secure software will make application security a necessity.

In 2024, expect to see software engineering practices emphasizing security emerge. Simply being able to write code will no longer be enough; developers will increase their sophistication and require more security expertise to complement their already deep skill sets. Educational institutions at secondary and university levels are already advancing this much-needed emphasis on security for developers and software engineering.

Data security

The next generation of computing is all about data. Applications, workloads, and hosting are closer to where data is generated and consumed. It’s all about a near-real-time, digital-first experience based on the collection, processing, and use of that data.

The data needs to be free of corruption to assist with making or suggesting decisions to the user. This means the data needs to be protected, trusted, and usable.

In 2024, expect data lifecycle governance and management to be a requirement for business computing use cases. Data security is something a SOC team will begin to manage as part of its responsibility.

Endpoints will expand to embrace new kinds of data capture

Endpoints are diversifying, expanding, and maturing. Industry analyst firm IDC projects the worldwide spending on IoT to surpass $1 trillion in 2026. The 2023 AT&T Cybersecurity Insights Report shows 30% of participants expanding their endpoints to include new diverse and intentional assets such as robots, wearables, and autonomous drones – while 48% use traditional endpoints such as phones, tablets, laptops, and desktops. Endpoints are critical to business.

Today, most SOCs offer some endpoint detection and response (EDR) or extended detection and response (XDR). However, how are SOC teams preparing to precisely identify the status, location, make, and model of this rapidly expanding world of endpoints?

In a world of computing comprised of diverse and intentional endpoints, SOC teams need to know the precise location of the endpoint, what it does, the manufacturer, whether the firmware is up to date, if the endpoint is actively participating in computing or if it should be decommissioned, and a host of other pieces of pertinent information. Computing is anywhere the endpoint is – and that endpoint needs to be understood at a granular level.

In 2024, expect startups to provide solutions to deliver granular details of an endpoint, including attributes such as physical location, IP address, type of endpoint, manufacturer, firmware/operating system data, and active/non-active participant in data collection. Endpoints need to be mapped, identified, and properly managed to deliver the outcomes needed by the business. An endpoint cannot be left to languish and act as an unguarded entry point for an adversary.

In addition to granular identification and mapping of endpoints, expect to see intentional endpoints built to achieve a specific goal, such as ease of use, use in harsh environments, and energy efficiency. These intentional endpoints will use a subset of a full-stack operating system. SOC teams must manage these intentional endpoints differently than endpoints with the full operating system.

Look for significant advancements in how SOCs manage and monitor endpoints.

Mapping the attack surface

The attack surface continues to expand. We continue to add diverse endpoints and new types of computing. As we add new computing, legacy computing is not retired – complexity and the attack surface continue to grow.

SOC teams of the future need to visually understand the attack surface. This sounds simple, but it isn't easy to distill the complex into a simple representation.

In 2024, expect SOC teams to seek a way to easily map the attack surface and correlate relevant threat intelligence to the mapping. To effectively do this, other aspects of the SOC of the future will need to be realities.

I’ll be talking about this a lot more in 2024 as we endeavor to provide you with insights on how the industry is changing as we move forward. Bookmark our blog. There is a lot of great information coming in the months ahead.


Share this with others

Featured resources


Insights Report

2023 AT&T Cybersecurity Insights Report: Edge Ecosystem



2023 AT&T Cybersecurity Insights Report: Edge Ecosystem

Get price Free trial