174,000 Alerts per Week Besiege Security Teams
Analysts in the security operations center (SOC) have long been overwhelmed with the noise coming from the increasing number of alerts. According to Demisto’s second annual State of SOAR Report, alerts are on the rise, leaving today’s security teams bombarded with 174,000 per week.
The report found that security teams were only able to review and respond to about 12,000 alerts each week, in part because they do not have enough people to keep pace with the number of alerts. Approximately 79% of survey participants said that the lack of qualified candidates leaves their mean time to respond (MTTR) for resolving incidents at an average 4.35 days.
The report also found that it takes an average of eight months to train security analysts to be effective, only to have a quarter of those professionals switch to a new company within two years.
“Today’s business landscape is a balancing act between technological progression and security. Workplace changes and technical innovations have made it easier to do business, but securing these diverse advances is an enormous task that falls upon overworked security teams,” said Rishi Bhargava, co-founder of Demisto.
In addition, the report found a lack of cohesive standards that help to streamline processes for security teams. A full 75% of respondents reported that they are fairly or very challenged by working with multiple security tools. When it comes to measuring incident response metrics, 42% of participants said they don’t have a system in place. More than half either do not have playbooks or have playbooks that are rarely updated.
“Security deployment is fractured due to innumerable specialized tools, making it difficult for security teams to manage alerts across disparate systems and locations, particularly considering the talent shortage present in security today,” said Bhargava.
“We’ve seen plenty of research that highlights the unending growth in security alerts, a widening cybersecurity skills gap, and the ensuing fatigue that is heaped upon understaffed security teams. That’s why we conducted this study – to dig deeper into these issues, their manifestations, as well as possible solutions. Our results produced captivating insights into the state of SOAR in businesses of all sizes.”
Source: Information Security Magazine