SOC Teams: Threat Detection Tools Are Stifling Us

Published: 23/11/2024   Category: security




Threat detection tools yield too many false positives, security pros say, leading to burnout and resentment.



Security operations center (SOC) practitioners are struggling, thanks to an overwhelming volume of false alarms from their security tools.
A Vectra AI survey of hundreds of cybersecurity professionals revealed a serious gripe that SOC teams have with their software vendors. The overwhelming volume of false positives their tools yield is causing burnout, they say, and is allowing real threats to slip through the noise.
"There wasn't that much of a change from last year's results, and honestly it wasn't much of a surprise," says Mark Wojtasiak, vice president of research and strategy at Vectra AI. "SOC practitioners are clearly still frustrated with threat detection tools. And, really, what the data tells us is that, more than a threat detection problem, SOC teams have an attack signal problem. The promise of consolidation and platformization has yet to take hold, and what SOC teams really need is an accurate attack signal."
SOCs ingest an average of 3,832 security alerts per day. For a sense of just how unmanageable that might be, consider that an average SOC might be staffed by a few dozen people, or just a few, depending on the size of the organization and its investment in security.
The result: 81% of SOC staffers spend at least two hours a day simply sifting through and triaging security alerts. It's no wonder, then, that 54% of Vectra AI respondents said that, rather than making their lives easier, the tools they work with increase their daily workloads, and that 62% of security alerts ultimately just get ignored.
Of course, SOC operators are aware of the implications of ignored security warnings. A full 71% reported worrying every week that they'll miss an attack buried in a flood of less important alerts. And 50% went so far as to say that their threat detection tools are more hindrance than help in spotting real attacks.
The conflict between what operators are dealing with and what they can handle is fostering genuine resentment toward vendors. Around 60% of respondents reported that they've been buying security software mostly just to tick a compliance box, and 47% don't trust these programs outright. A similar percentage (62%) believe that vendors are intentionally, cynically flooding them with alerts so that when a breach occurs, they're more likely to be able to say: "We warned you!"
A majority (71%) of SOC practitioners say that vendors need to take more responsibility in failing to prevent breaches.
The most attainable, practical promise of artificial intelligence (AI) is that it will reduce the tedium associated with repetitive jobs and bolster productivity. And more so than most, SOC staffers stand to benefit from exactly that.
In fact, Wojtasiak says, AI is the path to a whole mindset shift. "Security thinks in terms of individual attack surfaces: I have a network, endpoints, identities, email, now generative AI (GenAI). OK. I'm going to go buy tools to do threat detection across those siloed attack surfaces, then ask a human being to make sense of it all. That's how security thinking has fundamentally been for the past 10 years," he says.
"Modern attackers," he continues, "just see one, giant attack surface that they can move around in. So why isn't security thinking the same way? Why aren't we looking at threats holistically across the entire attack surface, using AI to piece together detections that are indicative of attacker behavior, correlating those detections, and then giving one integrated signal to the SOC analyst?"
Plenty of SOCs are already starting to do just that. About 67% of Vectra AI survey respondents found that AI is already improving their ability to identify and defend against threats, and 73% claimed that that's helped ease their feelings of burnout. Nearly nine in 10 respondents have already boosted their investments in AI, and are planning to go further.
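The correlation idea described above, where detections from siloed tools are stitched together per entity and handed to the analyst as one integrated signal, can be sketched in code. The example below is added here and is not part of the original article or of any Vectra AI product; the alerts, the behaviour-to-stage mapping, the time window and the scoring weights are all constructed assumptions, chosen only to show how six raw alerts collapse into one corroborated signal while uncorroborated single-source alerts are held back.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample alerts in the shape four siloed tools might emit them.
# All fields, names and timestamps are made up for this example.
SAMPLE_ALERTS = [
    {"ts": "2024-11-23T09:00:00", "source": "email",    "host": "ws-17",  "behaviour": "phishing_link_clicked"},
    {"ts": "2024-11-23T09:04:00", "source": "endpoint", "host": "ws-17",  "behaviour": "office_spawned_powershell"},
    {"ts": "2024-11-23T09:06:00", "source": "identity", "host": "ws-17",  "behaviour": "new_mfa_device_enrolled"},
    {"ts": "2024-11-23T09:20:00", "source": "network",  "host": "ws-17",  "behaviour": "beacon_to_rare_domain"},
    # Isolated single-tool alerts that nothing else corroborates (the "noise" the article describes)
    {"ts": "2024-11-23T10:15:00", "source": "endpoint", "host": "ws-42",  "behaviour": "office_spawned_powershell"},
    {"ts": "2024-11-23T14:30:00", "source": "network",  "host": "srv-03", "behaviour": "beacon_to_rare_domain"},
]

# Assumed mapping from a detection's behaviour to the attack stage it suggests.
STAGE = {
    "phishing_link_clicked": "initial_access",
    "office_spawned_powershell": "execution",
    "new_mfa_device_enrolled": "persistence",
    "beacon_to_rare_domain": "command_and_control",
}


def _parse(ts):
    return datetime.fromisoformat(ts)


def _summarise(host, chain):
    """Collapse one chain of related alerts into a single signal for the analyst."""
    sources = sorted({a["source"] for a in chain})
    stages = []
    for a in chain:
        st = STAGE.get(a["behaviour"], "unknown")
        if st not in stages:
            stages.append(st)
    return {
        "host": host,
        "first_seen": chain[0]["ts"],
        "last_seen": chain[-1]["ts"],
        "sources": sources,
        "stages": stages,
        "alert_count": len(chain),
        # Illustrative weighting (an assumption): more distinct stages, higher confidence.
        "score": min(100, 25 * len(stages)),
    }


def correlate(alerts, window_minutes=30, min_sources=2):
    """Group alerts per host into chains where each alert falls within
    window_minutes of the previous one, then emit a signal only for chains
    corroborated by at least min_sources distinct tools. Alerts in chains
    that fail that bar are counted as suppressed rather than shown."""
    by_host = defaultdict(list)
    for a in sorted(alerts, key=lambda a: a["ts"]):
        by_host[a["host"]].append(a)

    window = timedelta(minutes=window_minutes)
    signals, suppressed = [], 0
    for host, items in by_host.items():
        chains, chain = [], [items[0]]
        for a in items[1:]:
            if _parse(a["ts"]) - _parse(chain[-1]["ts"]) <= window:
                chain.append(a)
            else:
                chains.append(chain)
                chain = [a]
        chains.append(chain)

        for c in chains:
            if len({a["source"] for a in c}) >= min_sources:
                signals.append(_summarise(host, c))
            else:
                suppressed += len(c)
    return {"signals": signals, "suppressed_alerts": suppressed}


if __name__ == "__main__":
    result = correlate(SAMPLE_ALERTS)
    print(f"{len(SAMPLE_ALERTS)} alerts in, {len(result['signals'])} signal(s) out, "
          f"{result['suppressed_alerts']} uncorroborated alerts held back")
    for s in result["signals"]:
        print(s)
```

Two design points matter for a real deployment. The join key (here the host) has to be something every tool actually populates, or the identity and email alerts never meet the endpoint and network ones; and the suppressed alerts should be retained and searchable rather than discarded, since the 62% of alerts the survey says are ignored today still need to be reachable once a corroborating detection arrives.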
"I'm [already] hearing about the positive outcomes they're experiencing as they introduce these new tools — reduced workloads, less burnout, and less sprawl," Wojtasiak reports. The hope is that current frustrations will ease as siloed legacy tools are replaced by AI-powered tools capable of delivering an accurate attack signal.
