Organizations are not doing enough to improve SOCs
The average security operations center (SOC) has considerable room for improvement according to a new report from automation and response platform SIRP Labs.
Almost a third (29 percent) of respondents believe missed alerts due to high volumes are a significant, or even a serious, problem. In companies of 1,000-2,500 employees, the figure rises to 46 percent.
Elsewhere, a quarter of alerts prove to be false positives, leaving over half (51 percent) of survey respondents frustrated to a greater or lesser extent with current processes for investigating threats. On average, time spent managing security alerts is costing organisations over £200,000 ($250,000) a year in staff hours alone, the study also reveals.
The average enterprise SOC receives 840 security alerts every day, though for 10 percent of respondents the figure is substantially higher, at 5,000 a day. A single security analyst earning the industry average salary of £30,957 ($38,965) spends just under one fifth of their time (18 percent) managing security alerts. Respondents report that these alerts are generated by an average of 12 security tools (28 percent), although a range of six to 10 tools (35 percent) is more typical. Likewise, the average security team has between six and 10 analysts (24 percent), while three to five (34 percent) is the more typical size.
Currently, less than a third (32 percent) of the triage and incident response process is automated. Of the respondents in the study, 76 percent say process automation makes them feel good, a figure that is even higher among junior managers (84 percent). This may help explain why the overwhelming majority (75 percent) of security analysts want more process automation, especially as 96 percent of them spend time prioritising alerts based on the risk to the organisation.
Faiz Shuja, co-founder and CEO of SIRP Labs says:
This study graphically illustrates the human and financial cost of working in a busy, high-pressure security operations centre. In general, organisations have not done enough to improve upon SOCs' all too familiar flaws, from security tool sprawl to over-reliance on mundane manual processes to missed alerts and false positives.
It lays bare SOC analysts' frustrations, many of whom would like to see the introduction of more automation to help raise productivity as well as reduce the number of false positives and missed alerts.
You can get the full report on the SIRP Labs site.