Why SOC Managers are Overwhelmed by Alerts

December 13, 2016

According to an Intel Security survey, Security Operations Center operators acknowledge an inability to keep up with cybersecurity alerts or triage relevant events for investigation.

In mid-2016, Intel Security commissioned a primary research study to gain a deeper understanding of the ways in which enterprises use SOCs, how they have changed over time, and what they will look like in the future. Interviews with nearly 400 security practitioners across several countries, industries and company sizes yielded valuable information on the state of the SOC in 2016:

Alert overload. On average, organizations are unable to sufficiently investigate 25 percent of their security alerts, with no significant variation by country or company size.
Triage trouble. While most respondents acknowledged being overwhelmed by security alerts, as many as 93 percent are unable to triage all potential threats.
Incidents on the rise. Whether from an increase in attacks or better monitoring capabilities, 67 percent of respondents reported an increase in security incidents.
Cause of the rise. Of the respondents reporting an increase in incidents, 57 percent report they are being attacked more often, while 73 percent believe they are able to better spot attacks.
Threat signals. The most common threat detection signals for a majority of organizations (64 percent) come from traditional security control points, such as antimalware, firewall and intrusion prevention systems.
Proactive vs. reactive. The majority of respondents claim to be progressing toward the goal of a proactive and optimized security operation, but 26 percent still operate in reactive mode, with ad hoc approaches to security operations, threat hunting and incident response.
Adversaries. More than two-thirds (68 percent) of investigations in 2015 involved a specific entity, either as a targeted external attack or an insider threat.
Causes for investigation. The respondents reported that generic malware led the list of incidents (30 percent) leading to security investigations, followed by targeted malware-based attacks (17 percent), targeted network-based attacks (15 percent), accidental insider incidents resulting in potential threats or data loss (12 percent), malicious insider threats (10 percent), direct nation-state attacks (7 percent), and indirect or hacktivist nation-state attacks (7 percent).

Survey respondents said that the highest priority for the growth and investment of SOCs is to improve the ability to respond to confirmed attacks, which includes the ability to coordinate, remediate, eradicate, learn and prevent reoccurrences.

http://www.businesswire.com/news/home/20161212006285/en/McAfee-Labs-Report-Finds-93-Percent-Security

You must login or register in order to post a comment.

ON DEMAND: The insider threat—consisting of scores of different types of crimes and incidents—is a scourge even during the best of times. But the chaos, instability and desperation that characterize crises also catalyze both intentional and unwitting insider attacks. Learn how your workers, contractors, volunteers and partners are exploiting the dislocation caused by today's climate of Coronavirus, unemployment, disinformation and social unrest.

ON DEMAND: There's a lot at stake when it comes to cybersecurity. Reputation, productivity, quality. Join us to discuss the future of your global security strategy and a path forward with trusted partners Cisco and Rockwell Automation, and turn your Food & Bev security challenges into strategic advantages that drive business value.

Why SOC Managers are Overwhelmed by Alerts

The latest news and information

Content written for business-minded executives who manage enterprise risk and security

Why SOC Managers are Overwhelmed by Alerts

Related Articles

Report Abusive Comment

The latest news and information

Content written for business-minded executives who manage enterprise risk and security