CRITICALSTART, a leading provider of Managed Detection and Response (MDR) services, released its third-annual Security Operations Center (SOC) survey Tuesday, revealing that alert-overload still plagues the cybersecurity industry. Forty-seven percent of respondents reported personally investigating 10 to 20 alerts each day, a 12-percent increase from 2019. Moreover, 25-percent of respondents said they investigate 21 to 40 alerts each day, up from 14-percent the year prior.
"Just like businesses and organizations from both the public and private sector are consistently under attack from malicious actors, security professionals are consistently being bombarded with alerts to investigate," said Jordan Mauriello, Senior VP of Managed Services at CRITICALSTART. "This is a problem that isn't going away, so it is imperative that enterprises invest in the people, process, and technology that are needed to combat this alert overload."
The Dallas-based security firm's third-annual report – Alert Overload Still Plagues Cybersecurity Industry – surveyed 100 SOC professionals across enterprises, Managed Security Services Providers (MSSP) and Managed Detection & Response (MDR) providers to evaluate the state of incident response within SOCs from a variety of perspectives, including alert volume and management, business models, customer communications, and SOC analyst training and turnover.
Other key findings include:
- Positively False: Nearly 70-percent of respondents (68%) said that 25 to 75-percent of the alerts they investigate on a daily basis are false positives.
- Turning a Blind Eye: Almost half (49%) of all respondents said they turn off high volume alerting features when there are too many alerts for analysts to process, creating the potential for a legitimate and serious alert to be missed.
- Back to School: 95-percent of respondents now report receiving more than 10 hours of training each year.
Additionally, CRITICALSTART used this year's survey to examine the impact of COVID-19 on the cybersecurity industry during 2020. Key takeaways include:
- 66-percent of survey takers reported seeing an increase in alerts since the known spread of COVID-19 began in mid-March of 2020.
- 89-percent said they had been forced to work remotely as a result of COVID-19.
- 80-percent reported taking steps to change the security posture of their organization because of COVID-19 induced remote work.
To view the full report, please click here.
CRITICALSTART is the only MDR provider committed to eliminating acceptable risk and leaving nothing to chance. We believe that companies should never have to settle for "good enough." Our award-winning portfolio includes end-to-end Professional Services and Managed Detection and Response (MDR). Our MDR puts a stop to alert fatigue by leveraging our ZTAP platform plus industry-leading Trusted Behavior Registry, which eliminates false positives at scale by resolving known-good behaviors. Driven by 24x7x365 human-led, end-to-end monitoring, investigation and remediation of alerts, our on-the-go threat detection and response capabilities are enabled via a fully interactive MOBILESOC.
Other cybersecurity providers might be good, but we're just better. To see why, visit criticalstart.com and follow us on Twitter, LinkedIn or Facebook.