Too many alerts lead security pros to worry they'll miss an attack
A new report reveals that 71 percent of security operations center practitioners worry they will miss a real attack buried in a flood of alerts, while 51 percent believe they can't keep pace with the increasing number of security threats.
The report from Vectra AI shows 47 percent of SOC practitioners don't trust their tools to work the way they need them to work, while 54 percent say the tools they work with actually increase the SOC workload instead of reducing it.
Tool sprawl is an issue too, with 73 percent saying they have more than 10 tools in place and 45 percent having more than 20 tools. 62 percent of teams have either recently adopted or are exploring extended detection and response (XDR) solutions.
Many respondents find themselves pushing aside critical tasks to manage the overwhelming alert volume they receive, leading to dissatisfaction not only with the tools but also with the vendors providing them. 60 percent say vendors are selling threat detection tools that create too much noise and too many alerts, while 71 percent say vendors need to take more responsibility for failing to stop a breach.
Security practitioners also continue to struggle with alert accuracy, with a significant number of alerts going unaddressed due to time constraints and insufficient tool support. 81 percent say they spend more than two hours per day digging through and triaging security events. In addition, 50 percent say their security tools are more of a hindrance than a help when it comes to spotting real attacks, noting that, realistically, they are only able to deal with 38 percent of the alerts they receive, while they would classify 16 percent of them as 'real attacks.'
A worrying 60 percent say a lot of their security tools are bought as a 'box ticking' exercise for compliance. However, there is confidence in AI to help solve these issues: 85 percent say their level of investment and use of AI has increased in the last year, with 67 percent noting that AI has had a positive impact on their ability to identify and deal with threats. 75 percent say AI has reduced their workload in the past 12 months, while 73 percent say AI has reduced feelings of burnout in the past 12 months.
"It's promising to see that confidence is growing among security practitioners; however, it's clear they are becoming increasingly frustrated with their current threat detection tools which, due to a lack of integrated attack signal, often create additional work rather than streamline the process. The data suggests that the tools being used for threat detection and response, along with the vendors who sell them, aren't holding up their end of the deal," says Mark Wojtasiak, vice president of research and strategy at Vectra AI. "Teams believe AI delivers an attack signal that will help them identify and prioritize threats, accelerate response times, and reduce alert fatigue; however, trust needs to be rebuilt. AI-powered offerings are proving to have a positive impact, but to truly re-establish trust, vendors will need to show how they add value beyond just the technologies they sell."
You can find the full report on the Vectra site.