Security teams spend 25% of their time chasing false positives

07 Aug 2019

More than 25% of IT security teams' time is spent chasing false positives because there is too much error in security alerts and indicators of compromise (IOCs).

That’s according to research from the Ponemon Institute and Exabeam, which highlights an urgent need for enterprises to improve and modernise their security operations centre (SOC) productivity.

The study, which surveyed security personnel in the United States, found that teams typically respond to 4000 security alerts per week.

While false positives were found to be the primary concern for security teams, the report also showed that teams were concerned about investigating actionable intelligence and building incident timelines, as well as cleaning, fixing and/or patching networks.

Cleaning, fixing and patching applications and devices affected by an incident each take more than 15% of a security team's time. These inefficiencies can slow response times to cyber attacks, leaving organisations exposed to data and financial losses for longer periods.

While security information and event management (SIEM) tools are important assets in security, organisations also need to look at newer technologies such as user and entity behaviour analytics (UEBA) and security orchestration, automation, and response (SOAR).

“SIEMs are central to SOC cybersecurity for collecting logs and data from multiple network sources for the evaluation, analysis and correlation of network events used for threat detection,” notes the report.

“However, modern SIEMs are most effective because they leverage machine learning and behaviour analytics to identify increasingly sophisticated cyberattacks and highly targeted hack techniques. When used in conjunction with a full arsenal of tools like intelligent incident timeline construction and automated response, modern SIEMs provide significantly more context for how attackers think, work or what they are after.”

Organisations are seeing value from SIEM investments in a short period of time due to the improvement in IT security team effectiveness.

The report further highlights that in approximately 80% of companies, SIEM solutions do not help reduce their headcount costs. Instead, improved productivity allows security leadership to better deliver on their existing mandates.

“Our research determined that SIEMs save time, increase productivity and improve security effectiveness for security teams,” comments the Ponemon Institute chairman and founder Larry Ponemon.

The Ponemon survey, sponsored by Exabeam, sought the opinions of 596 experienced IT and IT security practitioners in the United States.

All respondents were familiar with their organisation’s SIEM deployment and involved in the detection, investigation and/or remediation of security threats inside its network. Among those respondents, a subsample included 42 Exabeam customers.
