FireEye, a Milpitas, California-based security company, has released the results of a recent survey indicating that security analysts are becoming less productive due to widespread “alert fatigue” resulting in ignored alerts, increased stress, and fear of missing incidents.
According to the brief entitled “The Voice of the Analysts: Improving Security Operations Center Processes Through Adapted Technologies,” security analysts continue to feel the pressure of increased alerts, spending almost half their time on false positives. While analysts and IT security managers receive thousands of alerts every day, respondents indicated that 45 percent of the alerts are false positives, making in-house analysts’ jobs less efficient and slowing workflow processes. To manage alert overload in the SOC, 35 percent of this group said that they ignore alerts.
MSSPs spend even more time sifting through false positives. MSSP analysts indicated that 53 percent of the alerts they receive are false positives. Meanwhile, 44 percent of analysts at managed service providers said they ignore alerts when their queue gets too full, which could lead to a breach involving multiple clients.
As analysts experience more challenges managing alerts manually, their worry of missing an incident also increases: Three in four analysts are worried about missing incidents, and one in four worry “a lot” about missing incidents.
Respondents shared the top tools they use to investigate alerts, showing that less than half use artificial intelligence and machine learning technologies (43 percent), Security Orchestration Automation and Response (SOAR) tools (46 percent), Security Information and Event Management (SIEM) software (45 percent), Threat Hunting (45 percent), and other security functions. In addition, only two in five analysts use artificial intelligence and machine learning technologies alongside other tools.
The company further reports that 350 internal and managed security service provider (MSSP) security analysts and managers were surveyed in the research conducted in cooperation with Framingham, Massachusetts-based IDC.
The survey details respondents’ desire to manage growing alert fatigue amid a flood of false-positive alerts.