Security professionals are struggling to effectively manage high volumes of security alerts.
According to the 2020 State of SecOps and Automation Report, a study conducted by Dimensional Research on behalf of Sumo Logic, managing the sheer volume of security alerts poses a significant problem for IT security professionals.
The survey of 427 qualified security professionals found that 70% had faced more than double the volume of security alerts over the past five years, whilst 99% stated that high volumes of alerts were causing problems for IT security teams.
This led 83% to say their security staff had experienced alert fatigue.
“Today’s security operations teams are faced with constant threats of security breaches that can lead to severe fallout including losing customers, diminished brand reputation and reduced revenue,” said Diane Hagglund, principal for Dimensional Research.
“To effectively minimize risk and bridge the gap, many companies rely on automated solutions that provide real-time analysis of security alerts. These findings highlight the challenges SOC teams are facing in a cloud-centric world, but more importantly why enterprises are aggressively looking to cloud-native alternatives for security analytics and operations.”
Although automated security alert processing can help to mitigate this issue, it is still a work in progress for most security teams.
Speaking to Infosecurity, Virtually Informed CISO Sarb Sembhi said that, in the last 20 years, technology has been about “collecting and giving you alerts,” and that until AI came along there was little in the way of a solution for dealing with alerts and being able to see them all in a single view.
“The cause of this is so many different technologies that come into the security estate and give you an alert and tell you something is wrong and somebody has done something, and there is not a single view,” he said. “What you need is a single sense to tell you what the course of action should be.”
He concluded that seeing so many alerts leaves analysts with a “so what” attitude, but even if only one alert in a million is dangerous, “you cannot become complacent.”