Acer America
Acer America Corp. is a computer manufacturer of business and consumer PCs, notebooks, ultrabooks, projectors, servers, and storage products.

Location

333 West San Carlos Street
San Jose, California 95110
United States

WWW: acer.com

Press Releases

February 13, 2018

New Research from Advanced Threat Analytics Finds MSSP Incident Responders Overwhelmed by False-Positive Security Alerts

Incident Responders Waste Hours Each Day Investigating False-Positive Security Alerts; Manpower Requirements Stress MSSP Business Models

Advanced Threat Analytics (ATA) published new research that reveals managed security services providers (MSSPs) are wasting enormous resources processing useless security alerts, a problem that impacts staffing, operational business models and security effectiveness. Additionally, the survey found that incident responders often cope with this problem by either reducing the sensitivity of security equipment or ignoring alerts altogether.

ATA polled nearly 50 MSSPs to evaluate the state of incident response within their security operations centers (SOCs). Key findings from the survey include:

  • 44% of respondents report a 50% or higher false-positive rate (22% experience a 50-75% false-positive rate while the other half states a rate between 75 and 99%).
  • Nearly 45% of respondents investigate 10 or more alerts each day (22% investigate between 10 and 20 alerts each day, 11% investigate 20-40 daily, and 11% investigate 50 or more).
  • 64% state that, on average, it takes 10 minutes or more to investigate each alert (33% say it takes between 10 and 20 minutes to investigate each alert, 20% say it takes between 20 and 30 minutes, and 11% state it takes 30 minutes or more).

“This research shows that MSSPs are still on the receiving end of an oppressive number of daily security alerts, forcing many analysts and incident responders to spend hours – in some cases, more than five – each day investigating them, many of which turn out to be false positives,” said Alin Srivastava, president, ATA. “Devoting so much time to benign alerts severely compromises security effectiveness, as analysts are distracted from acting on actual threats and incidents.”

Alert Overload Dictates Business Models
Staff inefficiency isn’t the only outcome of alert overload; it is also forcing SOCs to compromise in other critical areas. When asked what they do if their SOC has too many alerts for analysts to process, respondents say they: tune specific alerting features or thresholds to reduce alert volume (67%); ignore certain categories of alerts (38%); turn off high-volume alerting features (27%); and hire more analysts (24%).

“Many MSSPs are expanding their teams in an effort to keep up with alert volume, which isn’t a sustainable model, while others change operational processes, like turning off security features or ignoring certain alerts, which greatly increases the risk that legitimate security events will go undetected,” continued Srivastava. “The most effective way for MSSPs to break free from alert tyranny is to invest in technology that decreases the number of incidents generated, rather than in traditional SIEM and incident orchestration solutions, which only reduce the time it takes to investigate each one.”

Do Your Job
When survey respondents were asked what they feel is the main responsibility of their job, 70% say analyzing and remediating security threats; 20% say limiting the number of alerts sent to clients for review; 5% say investigating as many alerts as possible; and the remaining 5% say reducing the time it takes to investigate a security alert.

Srivastava commented: “When analysts are no longer bogged down in an unmanageable number of alerts, they can focus on what they were hired to do – mitigate risk by identifying true threats and responding quickly. And when security teams are operating at peak efficiency, MSSPs can keep personnel and SOC costs down. The net result is that MSSPs can reduce the alert-overload problem and take a more efficient, effective and strategic approach to security operations – and that’s a huge win for employees, the business and their clients.”
