Vectra AI, the developer of AI-driven cyber threat detection and response for hybrid and multi-cloud enterprises, has released a new research report finding that 97% of analysts are worried they will miss security events, with 71% admitting their organisation may have been compromised and they don’t know about it yet.
This study details how analysts are being overwhelmed: they receive 4,484 alerts on average per day and are unable to deal with 67% of them. The overload is pushing analysts out the door, with two thirds (67%) of SecOps (security operations) analysts considering or actively leaving their jobs.
The survey of 2,000 IT security analysts found that the size of their organisation’s attack surface (63%), the number of security tools they manage (70%) and the number of alerts they handle (66%) have all increased significantly in the past three years. This is creating a “spiral of more” that threatens to overwhelm their ability to respond quickly to alerts and manage breaches, and it is driving analysts to consider leaving their jobs.
What’s more, sifting through false alerts is costing organisations approximately $3.3bn annually in the US alone, and consuming analyst time that should go to spotting and responding to potentially serious breaches. Other key findings from the research include:
- 39% say there’s so much noise, it’s only a matter of time until they miss something.
- 39% agree the security tools they work with increase their workload rather than reduce it.
- 41% agree that security vendors flood analysts with pointless alerts because they are afraid of not flagging a breach.
- The most common reason analysts gave for leaving or considering leaving their role was spending too much time sifting through poor quality alerts (39%).
- Other reasons given included constant stress (35%), burnout (34%), and feeling “mind-numbingly bored” (32%).
“As enterprises shift to hybrid and multi-cloud environments, security teams are continually faced with more – more attack surface, more attacker methods that evade defenses, more noise, more complexity, and more hybrid attacks,” said Kevin Kennedy, senior vice president of products at Vectra AI. “The current approach to threat detection is broken, and the findings of this report prove that the surplus of disparate, siloed tools has created too much detection noise for SOC analysts to successfully manage and instead fosters a noisy environment that’s ideal for attackers to invade.
“As an industry, we cannot continue to feed the spiral, and it’s time to hold security vendors accountable for the efficacy of their signal. The more effective the threat signal, the more cyber resilient and effective the SOC becomes.”
The research also identifies a serious disconnect in how security analysts view the tools they use to detect and respond to cyber-incidents. 90% say they are confident in their security technology’s effectiveness at detecting and responding to threats, yet fewer than a third believe their tools are “very effective”, and analysts acknowledge that the same tools are responsible for a growing number of blind spots and for the alert overload they face.
Report Methodology
This report is based on a study commissioned by Vectra AI and carried out by Sapio Research. Sapio surveyed 2,000 IT security analysts working at organizations with more than 1,000 employees across the US (200), UK (200), France (200), Germany (200), Italy (200), Spain (200), Sweden (200), the Netherlands (200), Australia and New Zealand (200), and Saudi Arabia and the United Arab Emirates (200).