Keeping pace: Modernizing security operations centers for the AI era

By Ken Showers, Managing Editor
Updated 1:16 PM CDT, Wed March 25, 2026
YARMOUTH, Maine — Security Operations Centers (SOC), once primarily the domain of IT security teams, are increasingly expanding into the physical security arena as organizations deploy growing numbers of connected cameras, sensors and other Internet-enabled devices. As these systems proliferate, security leaders are struggling to keep pace with rapidly evolving technologies – and the risks they introduce.
Current estimates in 2026 place the number of connected IoT devices worldwide at roughly 21 billion, according to research by IoT Analytics.
For the physical security industry, that surge represents both a technical challenge and a significant business opportunity. System integrators are being called on to bridge the divide between traditional physical security infrastructure – such as surveillance cameras and access control – and cybersecurity operations. That convergence, however, often requires rethinking how SOCs are structured and staffed.
“Most SOCs are still operating as collection tools connected by human effort, and the gap between machine-speed advances and human-speed operations has become a real problem,” said Max Zeumer, director of product marketing for Fortinet, during a recent webcast, “From Alert Fatigue to Action: Using AI and Automation to Modernize the SOC.”
According to Zeumer, modern SOC transformation depends on three core capabilities: speed, scale and resilience.
“Where these three considerations come in are when you’re looking at security operations, whether you’re in the early stages or you have an advanced team with all the bells and whistles and tools, you need to be able to defend against attackers,” he said.
Automation and artificial intelligence (AI) are increasingly viewed as essential to achieving those capabilities. These technologies help SOC teams process large volumes of alerts, reduce manual workloads, prioritize threats, and accelerate incident response – allowing analysts to focus on higher-value tasks rather than routine monitoring, according to Zeumer.
SOCs should, ultimately, evolve beyond reactive monitoring environments into platforms capable of anticipating and preventing attacks before they escalate, he noted.
“Modernization should feel like this controlled evolution, and not just operational shock,” he said.