71 percent of organizations may have been breached and not know it
A new survey of over 2,000 IT security analysts finds that 71 percent admit their organization may have been compromised and they don't know about it yet.
The study, from Vectra AI, details how analysts are being overwhelmed, as they receive 4,484 alerts on average per day, but can't cope with 67 percent of them. This leads 97 percent to worry that they'll miss important security events.
The number of security tools (70 percent) and alerts (66 percent) they manage has significantly increased in the past three years. This is creating a 'spiral of more' which threatens to overwhelm analysts' ability to respond quickly to alerts and manage breaches, and is causing them to think about leaving their roles. 67 percent of SecOps analysts are considering or are actively leaving their jobs.
The most common reason analysts give for leaving or considering leaving their role is spending too much time sifting through poor quality alerts (39 percent).
"As enterprises shift to hybrid and multi-cloud environments, security teams are continually faced with more - more attack surface, more attacker methods that evade defenses, more noise, more complexity, and more hybrid attacks," says Kevin Kennedy, senior vice president of products at Vectra AI. "The current approach to threat detection is broken, and the findings of this report prove that the surplus of disparate, siloed tools has created too much detection noise for SOC analysts to successfully manage and instead fosters a noisy environment that’s ideal for attackers to invade. As an industry, we cannot continue to feed the spiral, and it's time to hold security vendors accountable for the efficacy of their signal. The more effective the threat signal, the more cyber resilient and effective the SOC becomes."
Among other findings, 39 percent say there's so much noise, it's only a matter of time until they miss something. 39 percent believe the security tools they work with increase their workload rather than reduce it.
What's more, 41 percent agree that security vendors flood analysts with pointless alerts because they are afraid of not flagging a breach. Less than a third of security analysts believe their tools are 'very effective', as they acknowledge the same tools are responsible for fostering a growing number of blind spots and facilitating alert overload.
The full report is available from the Vectra site.