Why do specialists spend two hours a day on false alarms?
A recent study by Vectra AI revealed the dissatisfaction of SOC teams with current cyber defense tools. Experts note that a large number of disparate solutions and a lack of accurate indicators of compromise make it difficult to effectively detect and prioritize real threats.
Security center specialists point to a growing distrust of information security solution providers. They believe that the tools they use hinder rather than help detect attacks. Despite growing confidence in their own skills and growing optimism about the use of artificial intelligence, many teams still face challenges in analyzing cyber threats.
Moreover, the increase in the number of hybrid attacks and the use of new generative AI-based tools have significantly complicated the work of SOC teams. Generative AI opens up additional opportunities for attackers, and cybersecurity professionals have to cope with an excess of false alarms and noise from alerts. Despite increased confidence in their defense mechanisms, a significant proportion of SOC experts still believe that they do not have the right tools to effectively detect threats.
According to the study, 71% of SOC specialists fear that they will miss a real attack due to the flood of alerts, and 51% admit that they do not have time to respond to the growing number of threats. Moreover, 47% of professionals do not trust the functionality of their tools, and 54% believe that they increase the load on the SOC, not reduce it.
One of the main challenges is the overuse of tools: 73% of teams have implemented more than 10 solutions, and 45% have implemented more than 20. Many SOC teams are considering implementing advanced detection and response (XDR) systems as an alternative.
Dissatisfaction with cybersecurity tools is growing, with more than 60% of experts believing that vendors offer solutions that generate too much noise and alerts. At the same time, 71% believe that vendors should take more responsibility for failed attempts to prevent hacking.
SOCs spend more than two hours a day processing and classifying events, and only 50% believe that their tools actually help detect real-world attacks. Realistically, they can only handle 38% of alerts, and only 16% of them are classified as real threats.
Artificial intelligence is increasingly in demand in SOCs to improve detection of and response to cyber threats. According to 85% of experts, investment in AI has increased over the past year, and 67% are confident that AI has had a positive impact on threat detection. 89% plan to expand the use of AI in the future to replace outdated tools. However, for full adoption of AI, vendors need to build trust by showing real value without adding complexity for SOC teams.
Thus, the crisis of confidence in cybersecurity underscores the need to rethink approaches to protection. Instead of chasing the number of tools and generating endless alerts, the industry should focus on creating intelligent, integrated solutions that can effectively identify real threats. Only a balanced combination of advanced technology and human expertise can provide reliable protection in the ever-evolving cyber threat landscape.
Source