People-power is a constant challenge. Reliance on purely manual effort for rule definition and management is going to put you behind the attacker. Out-of-the-box analytics, as well as the ability to define custom analytics, are crucial as data becomes more prevalent.
Analysts spend a lot of their time investigating alerts, identifying the true and false positives, scoping each alert and then driving a full response. Automation is key to making it all possible and to scaling the analysts.