CyberNews Briefs

SOCs still overwhelmed by alert overload, struggle with false-positives

A new survey by Critical Start shows that Security Operations Centers (SOCs) are increasingly overwhelmed with alerts, and that false positives remain a major contributor to alert fatigue. 70% of SOC analysts said they face 10 or more alerts every day, compared to 45% in last year's report, while 78% of analysts stated that investigating these notifications takes a minimum of 10 minutes per incident, which was true for just 64% of respondents last year.

In addition, almost half of respondents indicated that false positives make up at least half of all alerts. Given this development, more and more SOC workers consider their main responsibility to be reducing alert volume and/or alert investigation times, rather than actually investigating and mitigating threats.

Read more: SOCs still overwhelmed by alert overload, struggle with false-positives

OODA Analyst

OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.