SOCs still overwhelmed by alert overload, struggle with false positives
A new survey by Critical Start shows that Security Operations Centers (SOCs) are increasingly overwhelmed with alerts, and that false positives remain a major contributor to alert fatigue. 70% of SOC analysts said they face 10 or more alerts every day, compared to 45% in last year's report, while 78% of analysts stated that investigating these notifications takes a minimum of 10 minutes per incident, up from 64% of respondents last year.
In addition, almost half of respondents indicated that false positives make up at least half of all alerts. Given this trend, a growing share of SOC workers consider their main responsibility to be reducing alert volume and/or alert investigation times, rather than actually investigating and mitigating threats.