Security alerts more than doubled in the last 5 years, SecOps teams admit they can’t get to them all

Sumo Logic announced the findings of a global survey that highlight the barriers security professionals are facing on the path to modernizing the security operations center (SOC).

High volume of security alerts

The struggle to effectively manage high volumes of security alerts and the complexities associated with traditional SIEMs are driving the demand for a new approach to effectively address challenges in the SOC through cloud-native SIEMs combined with security automation capabilities.

“Today’s security operations teams are faced with constant threats of security breaches that can lead to severe fallout including losing customers, diminished brand reputation and reduced revenue. To effectively minimize risk and bridge the gap, many companies rely on automated solutions that provide real-time analysis of security alerts,” said Diane Hagglund, principal for Dimensional Research.

“These findings highlight the challenges SOC teams are facing in a cloud-centric world, but more importantly why enterprises are aggressively looking to cloud-native alternatives for security analytics and operations.”

The study reveals that managing the sheer volume of these alerts poses a significant problem for IT security professionals. Although automated security alert processing can help to mitigate this issue, it is still a work in progress for most security teams.

Security alert volumes create problems for security operations

• 70% have more than doubled the volume of security alerts in the past five years
• 99% report high volumes of alerts cause problems for IT security teams
• 83% say their security staff experiences “alert fatigue”

Automation helps, but it is still a work in progress

• 65% of teams with high levels of automation resolve most security alerts the same day compared to only 34% of those with low levels of automation
• 92% agree automation is the best solution for dealing with large volumes of alerts
• 75% report they would need three or more additional security analysts to address all alerts the same day

Better technology is needed to manage security alert volumes

• 88% face challenges with their current SIEM
• 84% see many advantages in a cloud-native SIEM for cloud or hybrid environments
• 99% would benefit from additional SIEM automation capabilities

“Enterprises are arguably dealing with more data today than ever before, and the pain security operations teams are feeling is significant. There’s never been a more important time to ensure IT security operations are up to par,” said Greg Martin, general manager for the security business unit at Sumo Logic.

“Companies need to adopt solutions that let them quickly identify, prioritize and respond to only the most critical warning signals, so that they’re not left drowning in alert overload with no direction.”