
Security teams spend 25% of their time chasing false positives

07 Aug 2019

More than 25% of IT security teams' time is spent chasing false positives because there is too much error in security alerts and indicators of compromise (IOCs).

That’s according to research from the Ponemon Institute and Exabeam, which highlights an urgent need for enterprises to improve and modernise their security operations centre (SOC) productivity.

The study, conducted on security personnel from the United States, found that teams typically respond to 4000 security alerts per week.

While false positives were found to be the primary concern for security teams, the report also showed that teams were concerned about investigating actionable intelligence and building incident timelines, as well as cleaning, fixing and/or patching networks.

Applications and devices affected by an incident each take more than 15% of a security team's time. These inefficiencies can slow response to cyber attacks, leaving organisations exposed to data and financial losses for longer periods.

While security information and event management (SIEM) tools are important assets in security, organisations also need to look at newer technologies such as user and entity behaviour analytics (UEBA) and security orchestration, automation, and response (SOAR).

“SIEMs are central to SOC cybersecurity for collecting logs and data from multiple network sources for the evaluation, analysis and correlation of network events used for threat detection,” notes the report.

“However, modern SIEMs are most effective because they leverage machine learning and behaviour analytics to identify increasingly sophisticated cyberattacks and highly targeted hack techniques. When used in conjunction with a full arsenal of tools like intelligent incident timeline construction and automated response, modern SIEMs provide significantly more context for how attackers think, work or what they are after.”

Organisations are seeing value from SIEM investments in a short period of time due to the improvement in IT security team effectiveness. 

The report further highlights that in approximately 80% of companies, SIEM solutions do not help reduce their headcount costs. Instead, improved productivity allows security leadership to better deliver on their existing mandates. 

“Our research determined that SIEMs save time, increase productivity and improve security effectiveness for security teams,” comments the Ponemon Institute chairman and founder Larry Ponemon.

The Ponemon survey, sponsored by Exabeam, sought the opinions of 596 experienced IT and IT security practitioners in the United States. 

All respondents were familiar with their organisation’s SIEM deployment and involved in the detection, investigation and/or remediation of security threats inside its network. Among those respondents, a subsample included 42 Exabeam customers.
