Advancing Security Operations Centers: Modern Use Cases, MITRE ATT&CK Integration, and Coverage Optimization in 2025

Authors

  • Salman Ghani Virk Riphah International University, Islamabad, Pakistan.
  • Jawaid Iqbal Riphah International University, Islamabad, Pakistan.
  • Atif Ali Research Management Centre (RMC), Multimedia University, Cyberjaya 63100 Malaysia.
  • Ali Rashid Mahmud MCS, National University of Sciences & Technology, Islamabad, Pakistan.
  • Imran Rashid MCS, National University of Sciences & Technology, Islamabad, Pakistan.
  • Tariq Hanif UIIT PMAS Arid Agriculture University, Rawalpindi, Pakistan.

Keywords:

Security Operations Center (SOC), MITRE ATT&CK, Detection Coverage, AI-driven SOC, Adversary Emulation, Cybersecurity Resilience, Hybrid SOC Model

Abstract

The frequency of cybersecurity threats has risen considerably over the years, and these attacks have become increasingly complex and costly. Total damage worldwide is estimated to exceed USD 10.5 trillion per year by 2025 (Cybersecurity Ventures, 2025). Such an increasingly threatening environment requires organizations to treat stronger security measures as a matter of great importance. SOCs are instrumental in organizations' security plans: they provide ongoing monitoring of IT environments, facilitate the quick identification of breaches, and coordinate incident mitigation measures to prevent potential harm. This research paper employs the design science method to develop a detection coverage map and a visualization interface that correlate enterprise event logs with MITRE ATT&CK tactics and techniques for identification. The study draws on several industry datasets, including IBM's 2025 Cost of a Data Breach Report, Verizon's DBIR 2025, and ENISA's Threat Landscape 2024, which serve as the basis for the assessment. The study indicates that implementing AI-supported SOCs can reduce the mean time to detect (MTTD) by almost 40%, a notable performance increase for the threat detection system. Our research suggests that the most acceptable primary way of managing SOC (Security Operations) concerns is a hybrid model in which comprehensively trained human analysts are assisted by intelligent automation. Additionally, the continued adoption of the MITRE ATT&CK framework as a benchmark and the introduction of targeted budget planning to advance detection and security quality were among the key points raised.
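The abstract describes a detection coverage map that correlates enterprise event logs with MITRE ATT&CK tactics and techniques. The following Python example, added here and not part of the paper or its tool, shows the core of such a mapping: detection rules are tagged with the ATT&CK technique they detect, constructed JSON event lines are evaluated against those rules, and per-tactic coverage plus the list of uncovered techniques are computed. The technique subset, the rules, the event lines and the tool name `dumper.exe` are all constructed for illustration; the technique IDs and names are real ATT&CK entries, but the matrix shown is deliberately a small sample, not the full enterprise matrix.

```python
"""Constructed ATT&CK coverage-mapping example (illustrative data, not from the paper)."""
import json
from collections import defaultdict
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

# Constructed subset of the ATT&CK enterprise matrix: technique ID -> (name, tactics).
# Real IDs and names, but only a handful of the matrix's techniques are listed.
TECHNIQUES: Dict[str, Tuple[str, List[str]]] = {
    "T1566": ("Phishing", ["initial-access"]),
    "T1078": ("Valid Accounts", ["initial-access", "persistence",
                                  "privilege-escalation", "defense-evasion"]),
    "T1059": ("Command and Scripting Interpreter", ["execution"]),
    "T1003": ("OS Credential Dumping", ["credential-access"]),
    "T1021": ("Remote Services", ["lateral-movement"]),
    "T1486": ("Data Encrypted for Impact", ["impact"]),
}

# Tactics spanned by the constructed subset; coverage is reported relative to these.
TACTICS = ["initial-access", "execution", "persistence", "privilege-escalation",
           "defense-evasion", "credential-access", "lateral-movement", "impact"]


@dataclass
class DetectionRule:
    name: str
    technique: str            # ATT&CK technique the rule is mapped to
    log_source: str           # only events from this source are evaluated
    match: Callable[[dict], bool]  # predicate over a parsed event


# Constructed rule set: three rules covering three of the six techniques above.
RULES = [
    DetectionRule("powershell-encoded-command", "T1059", "sysmon",
                  lambda e: e.get("process") == "powershell.exe"
                  and "-enc" in e.get("cmdline", "")),
    DetectionRule("lsass-access", "T1003", "sysmon",
                  lambda e: e.get("target") == "lsass.exe"),
    DetectionRule("logon-from-new-country", "T1078", "idp",
                  lambda e: e.get("new_geo") is True),
]

# Constructed event log lines (JSON per line); "dumper.exe" is a hypothetical name.
EVENTS = [
    '{"source": "sysmon", "process": "powershell.exe", "cmdline": "powershell.exe -enc SQBFAFgA"}',
    '{"source": "sysmon", "process": "dumper.exe", "target": "lsass.exe", "cmdline": "dumper.exe"}',
    '{"source": "idp", "user": "alice", "new_geo": true}',
    '{"source": "sysmon", "process": "notepad.exe", "cmdline": "notepad.exe readme.txt"}',
]


def parse_event(line: str) -> dict:
    """Parse one JSON event line into a dict."""
    return json.loads(line)


def evaluate(rules: List[DetectionRule], lines: List[str]) -> Dict[str, List[Tuple[str, int]]]:
    """Run every rule over every event; return technique -> [(rule name, event index)]."""
    hits: Dict[str, List[Tuple[str, int]]] = defaultdict(list)
    for idx, line in enumerate(lines):
        event = parse_event(line)
        for rule in rules:
            if rule.log_source != event.get("source"):
                continue
            if rule.match(event):
                hits[rule.technique].append((rule.name, idx))
    return dict(hits)


def coverage_by_tactic(rules, techniques=TECHNIQUES, tactics=TACTICS) -> Dict[str, Tuple[int, int]]:
    """For each tactic: (techniques with at least one rule, techniques in the tactic)."""
    covered = {r.technique for r in rules}
    result = {}
    for tactic in tactics:
        in_tactic = [t for t, (_, tlist) in techniques.items() if tactic in tlist]
        result[tactic] = (sum(1 for t in in_tactic if t in covered), len(in_tactic))
    return result


def uncovered_techniques(rules, techniques=TECHNIQUES) -> List[str]:
    """Techniques in the matrix subset that no rule is mapped to (the detection gaps)."""
    covered = {r.technique for r in rules}
    return sorted(t for t in techniques if t not in covered)


if __name__ == "__main__":
    for tactic, (hit, total) in coverage_by_tactic(RULES).items():
        print(f"{tactic:<22} {hit}/{total} techniques covered")
    print("gaps:", [f"{t} ({TECHNIQUES[t][0]})" for t in uncovered_techniques(RULES)])
    for technique, matches in evaluate(RULES, EVENTS).items():
        print(technique, TECHNIQUES[technique][0], "->", matches)
```

Coverage here counts a technique as covered when any rule maps to it, which is the coarse view a coverage map usually starts from; a production version would also weight rules by the log sources actually onboarded and by the technique's observed prevalence in the organization's own incidents, so that a gap in a frequently seen tactic is prioritized over one in a rarely seen tactic.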

Published

2025-09-01

How to Cite

Salman Ghani Virk, Jawaid Iqbal, Atif Ali, Ali Rashid Mahmud, Imran Rashid, & Tariq Hanif. (2025). Advancing Security Operations Centers: Modern Use Cases, MITRE ATT&CK Integration, and Coverage Optimization in 2025. Journal of Computing & Biomedical Informatics, 9(02). Retrieved from https://www.jcbi.org/index.php/Main/article/view/1101