Security operations center (SOC) analysts are inundated with a high volume of alerts and spend much of their time sorting through false positives, creating alert fatigue.
Security operations center (SOC) analysts today are overwhelmed by alerts and kept busy chasing and investigating what are often false alarms. This results in burnout and costs organizations in staff morale and workforce readiness. According to a survey from CriticalStart, a security company, over 80% of analysts believe that their SOC experienced churn of between 10% and 50% in the past year.
The report, ‘The Impact of Security Alert Overload,’ also revealed that 70% of security professionals have to investigate more than ten alerts every day, up 25% from 2018. As threats grow more complex, more than three-quarters (78%) of security professionals said that it takes over 10 minutes to look into each alert, which is also up by almost 15% from last year. Of all the alerts investigated, false positives are the most common: almost half of the respondents reported that 50% or more of their alerts are false positives.
In response to the excessive workload, over 35% of respondents said that their SOC has either tried to increase staffing by hiring more analysts or turned off high-volume alerting features.
Many security professionals spend most of their time managing the high volume of alerts, and many SOC analysts believe that alert fatigue affects their jobs. Only 40% of professionals actually spend time analyzing and remediating security threats; a year ago, this was the chief responsibility of 70% of professionals.
There is also little time left for training: most professionals spend less than 20 hours a year in training. Experts believe that, given the current dynamic threat environment, a lack of training can undermine the core of the organization’s security and ultimately cause considerable losses.
The security risk posed by this level of alert fatigue is compounded when overwhelmed and overworked security teams are also hampered by other factors, such as a lack of network visibility.
Experts believe that as SOCs are burdened with alerts, they begin to ignore low- and medium-priority alerts and even tune out or turn off noisy security applications, which can leave risks and threats undetected. Combine the near-total lack of training with the stressful work environment, and the reason for the high churn rate among SOC analysts is apparent. The result is that enterprises are left even more exposed to security risks and threats.