Why Automation Should Be the New Modus Operandi for Battling Alert Fatigue in SOC

essidsolutions

Sumo Logic’s 2020 State of SecOps and Automation report highlights why the security operations center (SOC) needs to adopt cloud-native SIEM tools to manage the high volume of security alerts, which has doubled in the past five years.

Sumo Logic’s 2020 State of SecOps and Automation report underscores how SOC automation can cut down on ‘alert fatigue’ in today’s security environment. SOC automation has been in demand for quite some time: security analysts battle a high volume of false positives that drain crucial security resources. False positives and alert fatigue are pegged as a top challenge in day-to-day SOC operations.

Additionally, the complexities associated with traditional Security Information and Event Management (SIEM) technology have spurred demand for a new approach to the challenges in the SOC: cloud-native SIEMs combined with security automation capabilities.

Greg Martin, General Manager for Security Business Unit at Sumo Logic said, “Enterprises are arguably dealing with more data today than ever before, and the pain security operations teams are feeling is significant. There’s never been a more important time to ensure IT security operations are up to par.”

Diane Hagglund, Principal for Dimensional Research noted, “Today’s security operations teams are faced with constant threats of security breaches that can lead to severe fallout including losing customers, diminished brand reputation and reduced revenue.”


Change in Volume of Security Alerts Over the Past 5 Years

70% of respondents said alerts have doubled, while 24% said they are witnessing a tenfold increase. 67% attribute the higher alert volume to an increase in evolving threats.

Growth in cloud infrastructure, the preferred choice for modern security operations teams, is cited by 55%. And 75% of respondents agree that cloud environments generate more alerts than on-premise infrastructure.

Companies generating large amounts of data, whether on cloud, endpoints or on-premise infrastructure, may attract increased threats, which in turn give rise to high volumes of security alerts.

Understandably, increased volumes pose more problems. A whopping 99% of respondents report that high volumes of alerts cause problems for IT security teams, including:

  • 68% believe important issues are overshadowed by a flood of noise
  • 66% feel their time is wasted chasing false positives
  • 50% say team members are overwhelmed
  • 47% believe too much time is spent on triaging alerts

With as many as 1,000 alerts per day to deal with, 83% of respondents say their security staff experience alert fatigue. To add to that, only 7% of organizations handle 100% of security alerts on the same day, and 44% handle more than 80% of security alerts on the same day.

In order to address 100% of security alerts, 75% of IT professionals said they’d need 3 or more analysts.

Additionally, 88% say they face challenges with traditional SIEM.

So how can organizations ensure the security operations center is run efficiently?


Automation Can Help

65% of teams with high levels of automation resolve most security alerts the same day, compared to only 34% of those with low levels of automation. Further, 92% of respondents agree that good automation is the best solution for dealing with large volumes of security alerts. Hagglund said, “To effectively minimize risk and bridge the gap, many companies rely on automated solutions that provide real-time analysis of security alerts.”

A whopping 99% of respondents believe they’d benefit from additional SIEM capabilities, such as automated alert triage with actionable insights (61%), one solution for both on-prem and multi-cloud infrastructure (51%), out-of-the-box content for rapid time to value (49%), and a scalable cloud-native solution to minimize ongoing maintenance (45%).

Automation Helps, But It Is Still a Work in Progress

While automation can help, it still has a long way to go, considering only 3% have fully implemented automation capabilities. Of the rest, 92% are in the process of automating security operations while 5% haven’t even started.

The findings indicate a general belief that organizations can identify, prioritize and respond effectively with automation. Hagglund added, “These findings highlight the challenges SOC teams are facing in a cloud-centric world, but more importantly why enterprises are aggressively looking to cloud-native alternatives for security analytics and operations.”
