On average, security personnel in U.S. enterprises waste approximately 25 percent of their time chasing false positives, because the security alerts or indicators of compromise (IOCs) they act on are erroneous, according to joint research by the Ponemon Institute and Exabeam.
The report also highlighted the need for security operations centre (SOC) productivity improvements, citing that security teams must evaluate and respond to nearly 4,000 security alerts per week.
The persistent struggle to improve productivity revealed the need for newer security information and event management (SIEM) technologies such as user and entity behaviour analytics (UEBA) and security orchestration, automation and response (SOAR).
While the study found that chasing false positives is the most time-consuming task for security teams, it also showed that two other tasks each take over 15 percent of a security team’s time: 1) investigating actionable intelligence and building incident timelines, and 2) cleaning, fixing and/or patching the networks, applications and devices affected by an incident.
These inefficiencies can stymie response times to cyberattacks, leaving organizations vulnerable to data and financial losses for longer periods.
However, the report found that modern SIEM technologies such as UEBA and SOAR can significantly improve productivity.
SIEMs are central to SOC operations: they collect logs and data from multiple network sources so that network events can be evaluated, analysed and correlated for threat detection.
Modern SIEMs are most effective, however, when they leverage machine learning and behaviour analytics to identify increasingly sophisticated cyberattacks and highly targeted hacking techniques.
When used in conjunction with a full arsenal of tools such as intelligent incident timeline construction and automated response, modern SIEMs provide significantly more context on how attackers think and work, and on what they are after.
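The behaviour-analytics idea described above can be illustrated in a few dozen lines. The following is an added example, not code from the report or from any Exabeam product: it parses a handful of constructed authentication log lines, builds a per-user baseline of the source addresses, hosts and logon hours seen before, scores each new event by how many ways it deviates from that baseline, and raises an alert only when several independent signals line up. A single deviation is kept as low-priority context instead of paging an analyst, which is one way a SIEM cuts down the false-positive chasing the report measures. The log format, field names and thresholds are assumptions made for this example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log lines (not from any real system): one authentication
# event per line in a simple key=value format assumed for this example.
BASELINE_LOGS = """\
2024-03-01T09:12:00 user=alice src=10.0.0.5 host=fileserver event=logon_success
2024-03-01T13:40:00 user=alice src=10.0.0.5 host=fileserver event=logon_success
2024-03-02T10:05:00 user=alice src=10.0.0.5 host=mailserver event=logon_success
2024-03-02T16:55:00 user=alice src=10.0.0.5 host=fileserver event=logon_success
2024-03-01T08:30:00 user=bob src=10.0.0.7 host=fileserver event=logon_success
2024-03-02T18:45:00 user=bob src=10.0.0.7 host=mailserver event=logon_success
""".splitlines()

# Constructed events from a later day that the baseline is applied to.
NEW_LOGS = """\
2024-03-03T10:02:00 user=alice src=10.0.0.5 host=dc01 event=logon_success
2024-03-03T03:17:00 user=alice src=203.0.113.9 host=dc01 event=logon_success
2024-03-03T09:00:00 user=bob src=10.0.0.7 host=fileserver event=logon_success
2024-03-03T09:01:00 user=carol src=10.0.0.9 host=fileserver event=logon_success
""".splitlines()

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) src=(?P<src>\S+) "
    r"host=(?P<host>\S+) event=(?P<event>\S+)$"
)


def parse(lines):
    """Parse log lines into dicts; malformed lines are skipped, not fatal."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.fromisoformat(ev["ts"])
        events.append(ev)
    return events


def build_baseline(events):
    """Per-user profile of previously seen sources, hosts and logon hours."""
    baseline = defaultdict(lambda: {"src": set(), "host": set(), "hours": set()})
    for ev in events:
        p = baseline[ev["user"]]
        p["src"].add(ev["src"])
        p["host"].add(ev["host"])
        p["hours"].add(ev["ts"].hour)
    return baseline


def anomaly_signals(baseline, ev):
    """Return the list of ways this event deviates from the user's baseline."""
    if ev["user"] not in baseline:
        return ["user_never_seen"]
    p = baseline[ev["user"]]
    signals = []
    if ev["src"] not in p["src"]:
        signals.append("new_source")
    if ev["host"] not in p["host"]:
        signals.append("new_host")
    # Off-hours: more than one hour away from every hour the user logged on before.
    if all(abs(ev["ts"].hour - h) > 1 for h in p["hours"]):
        signals.append("off_hours")
    return signals


def correlate(baseline, events, min_signals=2):
    """Alert only when several independent signals coincide on one event;
    single-signal deviations are kept as context rather than raised as alerts."""
    alerts, context = [], []
    for ev in events:
        sig = anomaly_signals(baseline, ev)
        rec = {"user": ev["user"], "ts": ev["ts"].isoformat(), "signals": sig}
        if len(sig) >= min_signals:
            alerts.append(rec)
        elif sig:
            context.append(rec)
    return alerts, context


def run():
    """Build the baseline from historical events and score the new ones."""
    baseline = build_baseline(parse(BASELINE_LOGS))
    return correlate(baseline, parse(NEW_LOGS))


if __name__ == "__main__":
    alerts, context = run()
    for a in alerts:
        print("ALERT  ", a)
    for c in context:
        print("context", c)
```

Run as a script it prints one alert (alice logging on from an unseen address to an unseen host at 03:17, three signals) and two context records (alice reaching a new host during normal hours, and a first-time user), while bob's routine logon produces nothing. In a real deployment the baseline would be built over weeks of data and the signal weights tuned per environment; the structure, baseline then per-event scoring then correlation, is what UEBA-style detection adds on top of plain log collection.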
The report further highlights that security operations teams are underwater. In approximately 80 percent of companies, SIEM solutions do not reduce headcount costs; instead, the improved productivity lets security leadership better deliver on their existing mandates.
This is especially important considering that one-third of respondents reported being understaffed, with the most common shortage being 6-10 employees.