Security Operations Center (SOC) teams: Threat-detection tools are stifling us
October 14, 2024
Security operations center (SOC) practitioners are struggling, thanks to an overwhelming volume of false alarms from their security tools.
A Vectra survey of hundreds of cybersecurity professionals revealed a serious gripe that SOC teams have with their software vendors. The overwhelming volume of false positives their tools yield is causing burnout, they say, and allowing real threats to slip through the noise.
“There wasn’t that much of a change from last year’s results, and honestly it wasn’t much of a surprise,” says Mark Wojtasiak, vice president of research and strategy at Vectra AI. “SOC practitioners are clearly still frustrated with threat detection tools. And, really, what the data tells us is that, more than a threat detection problem, SOC teams have an attack signal problem. The promise of consolidation and platformization has yet to take hold, and what SOC teams really need is an accurate attack signal.”
What Do the SOCs Say? Ding Ding Ding
SOCs ingest an average of 3,832 security alerts per day. For a sense of just how unmanageable that is, consider that a SOC might be staffed by a few dozen people, or just a few, depending on the size of the organization and its investment in security; even at a few dozen analysts, that works out to more than a hundred alerts per person per day.
The result: 81% of SOC staffers spend at least two hours a day simply sifting through and triaging security alerts. It’s no wonder, then, that 54% of Vectra respondents said that, rather than making their lives easier, the tools they work with increase their daily workloads, and that 62% of security alerts ultimately just get ignored.
To read the complete article, visit Dark Reading.