With a quarter of all security alerts generated in Security Operations Centers (SOCs) turning out to be false positives, security analysts are finding that large portions of their day are wasted.
This is according to a new report from SIRP Labs, based on a poll of 250 security analysts, which states that the average enterprise SOC sees 840 security alerts each day, with a tenth of respondents receiving as many as 5,000.
The average analyst spends roughly a fifth of their time managing security alerts, but this can rise to 50 percent in some cases.
More than half see alert management as a “mundane task” and as the “worst part” of their job. Further, analysts are spending so much time tackling alerts that genuine issues are often missed, and this is a serious problem.
“This study graphically illustrates the human and financial cost of working in a busy, high-pressure security operations center,” said Faiz Shuja, Co-Founder & CEO, SIRP Labs.
“In general, organizations have not done enough to improve upon SOCs’ all too familiar flaws, from security tool sprawl to over-reliance on mundane manual processes to missed alerts and false positives.”
“It lays bare SOC analysts’ frustrations many of whom would like to see the introduction of more automation to help raise productivity as well as reduce the number of false positives and missed alerts,” he added.
SIRP believes automation is one possible solution to this headache. While less than a third of the triage and incident response process is currently automated, the firm claims there is significant appetite among analysts for greater automation.