Almost three-in-four (70 per cent) organisations struggle to keep up with the volume of alerts generated by security analytics tools, according to the latest ESG study commissioned by Kaspersky.
The report, titled SOC Modernisation and the Role of XDR, also revealed that this challenge results in a lack of resources for important strategic tasks and leads organisations towards process automation and outsourcing.
The problem with effectively managing emergency tasks through a security operations centre (SOC) remains: according to the 2020 state of SecOps and automation survey by Dimensional Research, 83 per cent of cybersecurity staff experience alert fatigue.
As well as the volume of alerts, their wide variety is another problem for 67 per cent of organisations, according to the study conducted by ESG. This makes it difficult for a SOC analyst to focus on the more complex and important tasks. In every third company (34 per cent), cybersecurity teams overloaded with alerts and emergency security issues don’t have enough time to spend on strategy and process improvements.
The ESG study also found that organisations don’t relate the problem to a lack of staff – with 83 per cent believing their SOC have enough people to effectively protect a company of their size – but think it is due to the need to automate processes and use external services. The primary reason for using managed services is to allow personnel more time to focus on more strategic initiatives, rather than spending time on security operations tasks (55 per cent).
“SOC analysts put out fires rather than proactively looking for complex and evasive threats in the infrastructure. Reducing the number of alerts, automating their consolidation and correlation into incident chains and cutting the overall response time should become the primary tasks for organisations to improve the effectiveness of their SOC. To achieve this, relevant automation solutions and external expert services can help,” said Yuliya Andreeva, Senior Product Manager, Kaspersky.