Montri - stock.adobe.com
SOC teams falling out of love with threat detection tools
Security operations centre practitioners are fed up of being flooded with pointless alerts and many no longer have much confidence in their threat detection tools, according to a report
About two-thirds of security operations centre (SOC) staff feel overwhelmed by a tide of pointless cyber alerts from products made by suppliers anxious to avoid responsibility for a breach, and this is causing them to fall out of love with the tools of their trade, with almost half saying they no longer trust the ability of the products and services they use to work as they should.
This is according to extended detection and response (XDR) specialist Vectra AI, which has released its 2024 state of threat detection report The defenders’ dilemma, claiming that security professionals feel they are losing the battle to unearth real threats due to too many siloed tools and a lack of clear and accurate signals.
Respondents to the global study cited a growing distrust in the supplier community, with some saying threat detection tools were more of a hindrance than a help when it came to a real incident.
That said, there were bright spots in the form of a growing sense of confidence in their own abilities, and those of their teams, and optimism around how artificial intelligence (AI) might be able to help – an aspect Vectra AI believes it is set up to capitalise on.
“It’s promising to see that confidence is growing among security practitioners. However, it’s clear they are becoming increasingly frustrated with their current threat detection tools which, due to a lack of integrated attack signal, often create additional work rather than streamline the process. The data suggests the tools being used for threat detection and response, along with the vendors who sell them, aren’t holding up their end of the deal,” said Mark Wojtasiak, vice-president of research and strategy at Vectra AI.
“Teams believe AI delivers an attack signal that will help them identify and prioritise threats, accelerate response times and reduce alert fatigue. However, trust needs to be rebuilt. AI-powered offerings are proving to have a positive impact, but to truly re-establish trust, vendors will need to show how they add value beyond just the technologies they sell.”
Disconnect
The Vectra AI report highlights a disconnect, in that security professionals are confident in their abilities but feel they are losing ground when it comes to cutting through the noise. The statistics appear to show that the disconnect likely originates in the need to manage too many tools offering too much information, leading to concerns about missing critical alerts.
This, in turn, is driving the lack of trust already highlighted, but also pushing security professionals to rely on their wits, seek alternative XDR solutions or press AI into service.
And this seems to be borne out in the data. Some of the study’s other findings include the fact that 71% worry they will one day miss a real attack and 51% feel they can’t keep pace with the number of threats. A total of 47% don’t trust their tools to work the way they need them to, and 54% say their tools are increasing the SOC workload, not reducing it – indeed, 81% said they spend more than two hours a day triaging security events.
Vectra AI also found that 73% of SOC practitioners have more than 10 tools in place, and 45% more than 20.
Some of the other frustrations uncovered include a sense that threat detection tools create too much noise and the idea that suppliers are in some way trying to duck responsibility for stopping breaches.
Ultimately, a majority of SOC practitioners now believe their security tools are being procured as a box-ticking compliance exercise, and not out of any meaningful sense of security.
Read more about XDR
- Extended detection and response tools are open or native. Learn the differences between them, and get help choosing the right XDR type for your organisation.
- One of the most important goals of cyber security professionals is to quickly identify potential or in-progress cyber attacks. These three approaches can help.
- SIEM, SOAR and XDR each possess distinct capabilities and drawbacks. Learn the differences among the three, how they can work together and which your company needs.