25 percent of security analysts' time is wasted on false positives

Security analysts in US enterprises spend around a quarter of their time chasing false positives because security alerts or indicators of compromise (IOCs) are erroneous.

This is among the findings of research carried out by Exabeam and the Ponemon Institute which also shows that security teams must evaluate and respond to nearly 4,000 security alerts per week.

While false positives are the largest drain on resources, the study also shows that investigating actionable intelligence and building incident timelines; and cleaning, fixing and/or patching networks, applications and devices resulting from an incident each take over 15 percent of a security team’s time.

The report also highlights the need for security operations centre (SOC) productivity improvements. It shows the use of security information and event management (SIEM) technology can reduce the time enterprises spend on security tasks by up to 51 percent.

Interestingly in around 80 percent of companies, SIEM solutions don't help reduce headcount costs. Instead, improved productivity allows security leadership to better deliver on their existing mandates.

"Our research determined that SIEMs, Exabeam's in particular, save time, increase productivity and improve security effectiveness for security teams," says Larry Ponemon, chairman and founder of the Ponemon Institute. "Exabeam provides enterprise security teams with the gift of time through a compelling user-based pricing model and modern features like behavioural analytics, machine-built timelines, automated incident response playbooks, and use case-specific content such as parsers, rules, models, playbooks and reports."

The full report is available from the Exabeam site.

Image credit: aldorado / Shutterstock