According to a new ESG study, ‘SOC Modernization and the Role of XDR’ commissioned by Kaspersky, almost three-in-four (70%) respondent organizations struggle to keep up with the volume of alerts generated by security analytics tools. This results in a lack of resources for important strategic tasks and leads organizations towards process automation and outsourcing.
The problem with effectively managing emergency tasks through a security operations center (SOC) remains: according to the ‘2020 state of SecOps and automation’ survey by Dimensional Research, 83% of cybersecurity staff experience alert fatigue.
In addition to the volume of alerts, their wide variety is another problem for 67% of organizations, according to the study conducted by ESG. This makes it difficult for a SOC analyst to focus on the more complex and important tasks. In every third company (34%), cybersecurity teams overloaded with alerts and emergency security issues don’t have enough time to spend on strategy and process improvements.
The ESG study also found that organizations don’t attribute the problem to a lack of staff: 83% believe their SOC has enough people to effectively protect a company of their size, but see a need to automate processes and use external services. The primary reason given for using managed services is to allow personnel more time to focus on strategic initiatives rather than on security operations tasks (55%).
“SOC analysts put out fires rather than proactively looking for complex and evasive threats in infrastructure,” comments Yuliya Andreeva, senior product manager at Kaspersky. “Reducing the number of alerts, automating their consolidation and correlation into incident chains and cutting the overall response time should become the primary tasks for organizations to improve the effectiveness of their SOC. To achieve this, relevant automation solutions and external expert services can help.”