Study: MSSPs Overwhelmed by False Positive Security Alerts

Advanced Threat Analytics (ATA), a Dallas based company with a classification platform for security events, has published new research that reveals managed security services providers are wasting resources processing useless security alerts. The survey also found that incident responders often cope with this problem by either reducing the sensitivity of security equipment or ignoring alerts altogether.

According to the report, 44% of respondents report a 50% or higher false-positive rate. Nearly 45% of respondents investigate 10 or more alerts each day. And 64% state that, on average, it takes 10 minutes or more to investigate each alert.

“This research shows that MSSPs are still on the receiving end of an oppressive number of daily security alerts, forcing many analysts and incident responders to spend hours – in some cases, more than five – each day investigating them, many of which turn out to be false-positives,” said Alin Srivastava, president of ATA. “Devoting so much time to benign alerts severely compromises security effectiveness, as analysts are distracted from acting on actual threats and incidents.”

When asked what they do if their SOC has too many alerts for analysts to process, 67% of respondents say they tune specific alerting features or thresholds to reduce the volume of alerts.

ATA polled nearly 50 MSSPs to evaluate the state of incident response within their security operations centers.

Channel Impact^®
Companies are finding themselves in a difficult situation, faced with either ignoring potentially valid alerts or expanding staff size beyond their available budgets. Channel partners who can enhance efficiency are well positioned in this environment.