Security teams are getting waylaid by mundane tasks

With a quarter of all security alerts generated in Security Operations Centers (SOCs) turning out to be false positives, security analysts are finding that large portions of the day are wasted.

This is according to a new report from SIRP Labs, based on a poll of 250 security analysts, which states that the average enterprise SOC sees 840 security alerts each day, with a tenth of respondents receiving as many as 5,000.

The average analyst spends roughly a fifth of their time managing security alerts, but this can rise to 50 percent in some cases.

More than half see alert management as a “mundane task”, and as the “worst part” of their job. Further, analysts are spending so much time tackling alerts that genuine issues are often missed - and this is a serious problem.

“This study graphically illustrates the human and financial cost of working in a busy, high-pressure security operations center,” said Faiz Shuja, Co-Founder & CEO, SIRP Labs.

“In general, organizations have not done enough to improve upon SOCs’ all too familiar flaws from security tool sprawl to over-reliance on mundane manual processes to missed alerts and false positives.”

“It lays bare SOC analysts’ frustrations, many of whom would like to see the introduction of more automation to help raise productivity as well as reduce the number of false positives and missed alerts,” he added.

SIRP believes automation is one possible solution to this headache. While less than a third of the triage and incident response process is currently automated, the firm claims there is significant appetite among analysts for greater automation.

Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years' experience writing technology-focussed news, blogs, whitepapers, reviews, and ebooks. His work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.