SOC teams are frustrated with their security tools

Many security operations center (SOC) analysts struggle to do their jobs effectively, citing problems with the tools they use, alert fatigue, and the time they waste chasing after erroneous detections.

According to a survey by Vectra AI, conducted with 2,000 SOC analysts globally, most are frustrated with their tools, which they say create more work, not less.

When asked about their top frustrations, 52% said the tools they work with actually increase their workload; almost half (47%) don’t trust the tools to work the way they need them to; 45% said the tools are more frustrating than helpful; 45% feel their tools are contributing more to burnout; and 60% said vendors are more concerned with selling as many tools as possible than helping teams work more effectively.

SOC analyst tool frustration is not the only issue

Furthermore, the findings revealed that only one-third of SOC analysts consider the tools they use to be effective, and a mere 26% say their vendor solutions work seamlessly together. Together with alert fatigue, this makes prioritizing events and threats difficult. With teams understaffed and workloads high, many admit to working late to keep on top of the day’s work. Job satisfaction, as expected, is on the decline.

The survey delved more into alert fatigue, revealing:

  • 40% of SOC practitioners surveyed said they have to deal with more than 500 alerts every day.
  • 97% of them say they worry about missing real threats because the volume of alerts is so overwhelming.
  • Only 16% said that the security alerts they receive are accurate most of the time.

“Alert fatigue doesn’t just create unhappy employees—it creates a dangerous gap in visibility and exploitable seams in security defenses,” Mark Wojtasiak, VP of Product Strategy at Vectra AI, said in commentary on the report. “When analysts are overwhelmed with alerts, many of which are false positives, they are unable to thoroughly investigate each one. This can lead to missed or overlooked threats, creating blind spots that attackers can exploit.”

How to improve SOC operations

Asked what would improve their operations, more than half of analysts (54%) said they want SIEM vendors to focus on developing faster, more accurate detection alerts. Additionally, 38% said more granular analytics would help improve their response time during an incident, and 34% said they want additional support and training to make the best use of their tools.

Despite the frustration analysts have with their tools, 89% expect to use even more tools over the next year, indicating that the number of tools one has access to is not the underlying problem in the SOC. The Vectra AI report recommends that organizations seek quality over quantity, focusing on the outcomes and coverage they want rather than the number of tools in use.

The report also recommends developing a structured playbook that provides a consistent, repeatable process to speed up investigations, and automating routine tasks so that analysts can focus on the more critical areas of their role.
