Significant time wasted chasing false positives

Research indicates an urgent need for newer SIEM technologies that increase SOC analyst productivity and improve security effectiveness as U.S. enterprises struggle to respond to nearly 4,000 alerts per week.

  • 4 years ago Posted in
Exabeam and the Ponemon Institute, have published joint research, revealing that on average, security personnel in U.S. enterprises waste approximately 25 percent of their time chasing false positives because security alerts or indicators of compromise (IOCs) are erroneous. The report also highlighted the need for security operations centre (SOC) productivity improvements, citing that security teams must evaluate and respond to nearly 4,000 security alerts per week.

 

The persistent struggle to improve productivity revealed the need for newer security information and event management (SIEM) technologies such as user and entity behaviour analytics (UEBA) and security orchestration, automation and response (SOAR). While the study found that chasing false positives is the most time-consuming task for security teams, it also showed that 1) investigating actionable intelligence and building incident timelines and 2) cleaning, fixing and/or patching networks, applications and devices resulting from an incident each take over 15 percent of a security team’s time. These inefficiencies can stymie response times to cyberattacks, leaving organisations vulnerable to data and financial losses for longer periods.

 

However, the report found that modern SIEM technologies such as UEBA and SOAR can significantly improve productivity. Exabeam was able to reduce total time spent by enterprises on security tasks by 51 percent. Other SIEM solutions were only able to reduce the total time by less than a third (31 percent).

 

SIEMs are central to SOC cybersecurity for collecting logs and data from multiple network sources for the evaluation, analysis and correlation of network events used for threat detection. However, modern SIEMs are most effective because they leverage machine learning and behaviour analytics to identify increasingly sophisticated cyberattacks and highly targeted hack techniques. When used in conjunction with a full arsenal of tools like intelligent incident timeline construction and automated response, modern SIEMs provide significantly more context for how attackers think, work or what they are after.

 

“Our research determined that SIEMs, Exabeam’s in particular, save time, increase productivity and improve security effectiveness for security teams,” said Larry Ponemon, chairman and founder of the Ponemon Institute. “Exabeam provides enterprise security teams with the gift of time through a compelling user-based pricing model and modern features like behavioural analytics, machine-built timelines, automated incident response playbooks, and use case-specific content such as parsers, rules, models, playbooks and reports.”

 

The report further highlights that security operations teams are under water. In approximately 80 percent of companies, SIEM solutions do not help reduce their headcount costs. Instead, improved productivity allows security leadership to better deliver on their existing mandates. This is especially important considering that one-third of respondents to the Exabeam 2019 State of the SOC Report reported being understaffed, with the most common shortage being 6-10 employees.