Research from Vectra AI indicates that 71% of organisations may have been breached and do not know about it, highlighting that security technologies are not fit for purpose.
Vectra AI, an AI-driven cyber threat detection and response expert for hybrid and multi-cloud enterprises, released a new research report identifying that 97% of analysts are worried they will miss security events, with 71% admitting their organisation may have been compromised without them knowing about it yet.
This study details how analysts are overwhelmed, as they receive 4,484 alerts on average per day but can't cope with 67% of them.
This is pushing analysts out the door: two-thirds (67%) of SecOps (Security Operations) analysts are considering leaving or are actively leaving their jobs.
The survey of over 2,000 IT security analysts found that the size of their organisation's attack surface (63%) and the number of security tools (70%) and alerts (66%) they manage have significantly increased in the past three years.
This is creating a "spiral of more", which threatens to overwhelm their ability to respond quickly to alerts and manage breaches and is causing analysts to consider leaving their jobs.
Furthermore, sifting through false alerts costs organisations approximately USD 3.3 billion annually in the US alone and uses up time analysts need to spot and respond to potentially serious breaches.
Other key findings from the research include:
- 39% say there's so much noise it's only a matter of time until they miss something.
- 39% agree the security tools they work with increase their workload rather than reduce it.
- 41% agree that security vendors flood analysts with pointless alerts because they are afraid of not flagging a breach.
- The most common reason analysts gave for leaving or considering leaving their role was spending too much time sifting through poor-quality alerts (39%).
- Other reasons given included constant stress (35%), burnout (34%), and feeling "mind-numbingly bored" (32%).
Kevin Kennedy, Senior Vice President of Products at Vectra AI, says: "As enterprises shift to hybrid and multi-cloud environments, security teams are continually faced with more - more attack surface, more attacker methods that evade defenses, more noise, more complexity, and more hybrid attacks."
"The current approach to threat detection is broken, and the findings of this report prove that the surplus of disparate, siloed tools has created too much detection noise for SOC analysts to successfully manage and instead fosters a noisy environment that's ideal for attackers to invade."
"As an industry, we cannot continue to feed the spiral, and it's time to hold security vendors accountable for the efficacy of their signal."
"The more effective the threat signal, the more cyber resilient and effective the SOC becomes," says Kennedy.
Vectra AI says the research also identifies a severe disconnect in the attitudes of security analysts about the tools they use to detect and respond to cyber incidents.
90% are confident in their security technology's effectiveness at detecting and responding to threats. But less than a third of security analysts believe their tools are "very effective", as analysts acknowledge that these very mechanisms are responsible for fostering a growing number of blind spots and facilitating alert overload.