Constant alertness is pushing security analysts into another state: generalized fatigue, which leads to ignored alerts, increased stress and a fear that a dismissed alert will turn into an incident. That is the finding of the study “The Voice of the Analysts: Improving Security Operations Center Processes Through Adapted Technologies”, conducted by IDC for FireEye and published today. The survey covered 300 security analysts and managers, both in-house and at managed service providers, and found that professionals are becoming less productive because of alert fatigue.
Security analysts continue to feel the pressure of rising alert volumes and spend almost half their time on false positives:
- False positives create “alert fatigue”: respondents indicated that 45% of alerts are false positives, making analysts’ work less efficient and slowing down the workflow. To cope with alert overload in the SOC, 35% of staff admit that they ignore alerts.
- MSSPs spend even more time on false positives and ignore more alerts: MSSP analysts reported that 53% of the alerts they receive are false positives. At the same time, 44% of managed service provider analysts said they ignore alerts when the queue becomes too full, which can lead to a breach affecting multiple customers.
Fear of missing incidents (FOMI) affects most security analysts and managers:
- As analysts struggle to manage alerts manually, their concern about missing an incident also increases: 75% of analysts are concerned about missing incidents, and 25% are “very” concerned.
- This fear affects security managers even more than their analysts: over 6% reported losing sleep over the fear of missed incidents.
Analysts call for automated SOC solutions to address FOMI:
- Less than half of enterprise security teams use tools to automate SOC activities: only 43% use artificial intelligence and machine learning technologies; 46% use Security Orchestration, Automation and Response (SOAR); 45% use security information and event management (SIEM) software; and 45% use threat hunting and other security functions. In addition, only 40% of analysts use AI and machine learning technologies in combination with other tools.
- To run their SOCs, security teams need advanced automated solutions that reduce alert fatigue and improve outcomes, freeing analysts for more skilled tasks such as threat hunting and cyber investigations: when ranking the activities best suited to automation, threat detection topped the analysts’ wish list (18 percent), followed by threat intelligence (13 percent) and incident triage (9 percent).
With reporting from international agencies.
See the original post at: https://www.cisoadvisor.com.br/alerta-causa-fadiga-e-queda-de-produtividade-de-equipes-no-soc/?rand=59039