More than 25% of IT security teams' time is spent chasing false positives, because too many security alerts and indicators of compromise (IOCs) are simply wrong.
That's according to research from the Ponemon Institute and Exabeam, which highlights an urgent need for enterprises to improve and modernise their security operations centre (SOC) productivity.
The study, conducted on security personnel in the United States, found that teams typically respond to 4,000 security alerts per week.
While false positives were the primary concern for security teams, the report also found that investigating actionable intelligence, building incident timelines, and cleaning, fixing and/or patching networks, applications and devices affected by an incident each take more than 15% of a security team's time. These inefficiencies slow response to cyber attacks, leaving organisations exposed to data and financial losses for longer.
While security information and event management (SIEM) tools remain core SOC assets, organisations also need to look at newer technologies such as user and entity behaviour analytics (UEBA) and security orchestration, automation and response (SOAR).
“SIEMs are central to SOC cybersecurity for collecting logs and data from multiple network sources for the evaluation, analysis and correlation of network events used for threat detection,” notes the report.
“However, modern SIEMs are most effective because they leverage machine learning and behaviour analytics to identify increasingly sophisticated cyberattacks and highly targeted hack techniques. When used in conjunction with a full arsenal of tools like intelligent incident timeline construction and automated response, modern SIEMs provide significantly more context for how attackers think, work or what they are after.”
Organisations are seeing value from SIEM investments quickly, owing to the improvement in IT security team effectiveness.
The report further highlights that in approximately 80% of companies, SIEM solutions do not help reduce their headcount costs. Instead, improved productivity allows security leadership to better deliver on their existing mandates.
“Our research determined that SIEMs save time, increase productivity and improve security effectiveness for security teams,” comments the Ponemon Institute chairman and founder Larry Ponemon.
The Ponemon survey, sponsored by Exabeam, sought the opinions of 596 experienced IT and IT security practitioners in the United States.
All respondents were familiar with their organisation's SIEM deployment and involved in the detection, investigation and/or remediation of security threats inside its network. A subsample of 42 respondents were Exabeam customers.