SOC leaders that aren’t thinking about the future are already behind — and what’s beyond 2025 is rapid evolution. The breakneck pace of AI innovation, a widening skills gap, and increasingly sophisticated threat tactics will encourage (one could even say force) SOC teams to embrace forward-leaning strategies to stay resilient.
To uncover what the SOC of the future will look like, Splunk surveyed 2,058 security leaders across nine countries and 16 industries for our latest report, State of Security 2025: The Stronger, Smarter SOC of the Future. The research, conducted in partnership with Oxford Economics, reveals the biggest barriers and most impactful ways to transform the SOC. It turns out that for all the external challenges we worry about, some of the biggest threats to the SOC are internal inefficiencies that prevent teams from doing what they do best: defending the organization.
In fact, nearly half of respondents (46%) say they spend more time in maintenance mode — for example, configuring and troubleshooting tools — than strategically investigating and mitigating threats. Chasing down alerts is another major source of inefficiency in the SOC, with 59% saying they have too many. And 57% report that they lose valuable time during investigations due to gaps in their data management strategies. All the while, a burgeoning skills gap puts additional pressure on SOC teams, as 52% say their team is overworked.
Navigating all of these challenges requires organizations to step into the SOC of the future — a SOC that embraces AI and automation, advanced detection strategies, and a unified approach to threat detection, investigation, and response.
AI will be a key ingredient in tomorrow’s SOC. We cannot overlook its ability to solve mundane problems, bring in relevant context, and synthesize data — especially when many of us are so short staffed and overwhelmed. Our research reveals high enthusiasm here — applying AI to security workflows is this year’s highest cybersecurity priority. And AI adopters are already seeing impressive productivity gains, with 59% citing moderate to significant efficiency benefits.
Responsible AI adoption in the SOC means having the right checks and balances in place, so we’re relieved to see that 61% say that they somewhat trust AI for mission-critical activities. After all, our training as security professionals ingrains the mantra ‘never trust, always verify’ into our brains. At the same time, fully writing off AI would result in many missed opportunities. And when it comes to realizing the benefits of generative AI specifically, our respondents are looking towards the future with domain-specific AI to make expert recommendations; 63% agree that this flavor of AI significantly or extremely enhances security operations compared to publicly available tools like ChatGPT.
Besides AI, another path to efficiency is detection as code — an emerging approach that helps defenders stay ahead of new threats by automating and standardizing detection engineering.
Many SOCs today are still stuck in the past, monitoring what’s happening on the endpoint or simply responding to the threats that their security tools flag, rather than looking for the unknown. The SOC of the future will lean on out-of-the-box thinking, leveraging threat intelligence to proactively seek threats. Teams will immediately build detections for attack techniques that they learn about and research on the fly.
Detection as code enables those proactive approaches. Our research shows that detection as code will be front and center in the SOC of the future, with 63% saying they would like to frequently or always use this approach in the future (but only 35% use it to this extent today).
That gap between aspiration and reality could be due to a perception that detection as code can be difficult to implement, but the market has matured and will continue to bring in more offerings that make it approachable. And when teams clear those initial hurdles, the benefits will continue to unfold. For example, over half (52%) say that detection as code enables them to automate workflows — which is a clear path to a more efficient and faster SOC.
A SOC can’t survive without its tools. Yet when those tools aren’t integrated, they can cause headaches, silos, and blind spots. When I managed a SOC that monitored over 260,000 employees, tools were constantly breaking — and those breakdowns resulted in major turmoil. One seemingly innocuous change in the firewall could take down half the company.
Our research reinforces that disconnected tools and teams are substantial problems in the SOC; 78% say that their security tools are dispersed, and 69% report that this disconnect creates moderate to significant challenges.
Most SOCs today are good at managing what they have control over. But when they rely on data from other teams (a common occurrence), they get stuck in a holding pattern. In the future, SOCs will be more connected — in terms of both tools and people.
Sharing data across security and observability teams is one path to a more connected SOC, although only 9% say they always do so. Those who practice data sharing report major benefits; 78% say that it’s sped up incident detection to a moderate or transformative extent.
External teams like HR and legal should also be able to easily collaborate with the SOC for more efficiency, and integrating with other teams’ ticketing software through a unified platform can make that collaboration easier and faster. Without that collaboration, the SOC is out on an island, hoping that other teams listen — and that’s a tough spot to be in for such a fast-paced function. Our respondents agree that adopting a unified platform leads to faster incident response (59%) and less tool maintenance (53%) — benefits that translate to a more efficient SOC.
Get the full State of Security 2025 report for more findings, including the most important skills for resilience, the role that AI will play in the future SOC, and insights from Splunk experts on how to set your SOC up for success.
The world’s leading organizations rely on Splunk, a Cisco company, to continuously strengthen digital resilience with our unified security and observability platform, powered by industry-leading AI.
Our customers trust Splunk’s award-winning security and observability solutions to secure and improve the reliability of their complex digital environments, at any scale.