
Security teams spend 25% of their time chasing false positives

07 Aug 2019

More than 25% of IT security teams' time is spent chasing false positives because there is too much error in security alerts and indicators of compromise (IOCs).

That’s according to research from the Ponemon Institute and Exabeam, which highlights an urgent need for enterprises to improve and modernise their security operations centre (SOC) productivity.

The study, conducted on security personnel from the United States, found that teams typically respond to 4000 security alerts per week.

While false positives were found to be the primary concern for security teams, the report also showed that teams were concerned about investigating actionable intelligence, building incident timelines, and cleaning, fixing and/or patching networks.

Dealing with the applications and devices affected by an incident each takes more than 15% of a security team's time. These inefficiencies can stymie response times to cyber attacks, leaving organisations vulnerable to data and financial losses for longer periods.

While security information and event management (SIEM) tools are important assets in security, organisations also need to look at newer technologies such as user and entity behaviour analytics (UEBA) and security orchestration, automation, and response (SOAR).

“SIEMs are central to SOC cybersecurity for collecting logs and data from multiple network sources for the evaluation, analysis and correlation of network events used for threat detection,” notes the report.

“However, modern SIEMs are most effective because they leverage machine learning and behaviour analytics to identify increasingly sophisticated cyberattacks and highly targeted hack techniques. When used in conjunction with a full arsenal of tools like intelligent incident timeline construction and automated response, modern SIEMs provide significantly more context for how attackers think, work or what they are after.”

Organisations are seeing value from SIEM investments in a short period of time due to the improvement in IT security team effectiveness.

The report further highlights that in approximately 80% of companies, SIEM solutions do not help reduce their headcount costs. Instead, improved productivity allows security leadership to better deliver on their existing mandates.

“Our research determined that SIEMs save time, increase productivity and improve security effectiveness for security teams,” comments the Ponemon Institute chairman and founder Larry Ponemon.

The Ponemon survey, sponsored by Exabeam, sought the opinions of 596 experienced IT and IT security practitioners in the United States.

All respondents were familiar with their organisation’s SIEM deployment and involved in the detection, investigation and/or remediation of security threats inside its network. Among those respondents, a subsample included 42 Exabeam customers.
