Security operations center analysts are being overwhelmed by alerts, and say their jobs are too busy with chasing down and investigating what are too often false alarms, according to a new report.
WHY IT MATTERS
That burnout isn’t without its cost to workforce readiness and staff morale. The survey, from CriticalStart, a security vendor specializing in managed detection and response services, found that more than eight out of 10 analysts said their SOC had experienced between 10% and 50% analyst churn in the past year.
Among other findings from the report, 70% of respondents said they have to investigate 10-plus alerts every day – up from 45% last year. And more than three-quarters (78%) said it takes 10 minutes or more to look into each alert – up from 64% last year.
And false positives are common: almost half of respondents reported a false-positive rate of 50% or higher.
In response, more than one in three respondents (38%) said their SOC has tried to hire more analysts or turn off high-volume alerting features.
Still, far too many SOC analysts say their jobs are impacted by the alert fatigue; just 41% now say their chief responsibility is to analyze and remediate security threats – compared with 70% a year ago. Most now say they spend most of their time trying to manage the high volume of alerts.
THE LARGER TREND
The security risk posed by this level of alert fatigue is put into stark relief when considered alongside another recent report, which found that overworked and overwhelmed security teams are also impeded by other factors, such as a lack of network visibility, leaving many hospitals behind the eight ball when it comes to finding and responding to actual threats.
ON THE RECORD
“The research reflects what we are seeing in the industry – as SOCs get overwhelmed with alerts, they begin to ignore low to medium priority alerts, turn off or tune out noisy security applications, and try to hire more bodies in a futile attempt to keep up,” Rob Davis, CEO at CriticalStart, said in a statement.
“Combine that stressful work environment with no training and it becomes clear why SOC analyst churn rates are so high, which only results in enterprises being more exposed to risk and security threats.”