Security staff suffering alert fatigue as report volumes increase
According to a new study, 70 percent of security teams have seen more than double the volume of security alerts in the past five years. These high volumes of reports cause problems for IT security teams with 83 percent saying their security staff experience 'alert fatigue'.
The survey conducted by Dimensional Research on behalf of continuous intelligence specialist Sumo Logic also shows that while automation is helpful it isn't a complete solution.
The results reveal that 65 percent of teams with high levels of automation resolve most security alerts the same day compared to just 34 percent of those with low levels of automation. 92 percent agree automation is the best solution for dealing with large volumes of alerts, and 75 percent report they would need three or more additional security analysts in order to address all alerts on the same day.
Security information and event management solutions come under scrutiny too, with 88 percent saying they face challenges with their current SIEM. 84 percent see many advantages in a cloud-native SIEM for cloud or hybrid environments, while 99 percent believe they would benefit from additional SIEM automation capabilities.
"Enterprises are arguably dealing with more data today than ever before and the pain security operations teams are feeling is significant. There's never been a more important time to ensure IT security operations are up to par," says Greg Martin, general manager for the security business unit at Sumo Logic. "Companies need to adopt solutions that let them quickly identify, prioritize and respond to only the most critical warning signals, so that they’re not left drowning in alert overload with no direction. Our Cloud SIEM Enterprise solution fits this need and also offers rapid deployment, quick time-to-value, ease-of-use and a unified data model."
The full 2020 State of SecOps and Automation report is available from the Sumo Logic site.
Photo Credit:Sergey Nivens/Shutterstock