Vectra AI, a provider of AI-driven cyber threat detection and response solutions for hybrid and multi-cloud enterprises, has unveiled the results of its 2023 State of Threat Detection Research Report, shedding light on the challenges faced by security operations center (SOC) teams in effectively safeguarding organizations from cyberattacks.
Modern security operations teams face a daunting task of countering increasingly sophisticated and fast-paced cyber threats. However, the complexity of their resources, including people, processes, and technology, has made cyber defense unsustainable. This spiraling issue, referred to as the “spiral of more,” is hampering their ability to secure their organizations effectively. The report is based on a survey of 2,000 SecOps analysts, including 200 from the UAE and KSA, and highlights the reasons behind the current approach’s shortcomings.
The “Spiral of More” Threatens Regional Security Teams:
The manual handling of alerts costs organizations $3.3 billion annually in the US alone, burdening security analysts with the task of detecting, investigating, and responding to threats quickly and efficiently. However, the constantly expanding attack surface and the overwhelming number of daily security alerts lead to the following findings for UAE and KSA:
– 48% of IT security analysts report a growth in their attack surface over the past three years.
– SOC teams in the UAE and KSA receive an average of 6,736 daily alerts (approximately 2,252 more than the global average) and spend almost two and a half hours daily manually triaging these alerts.
– On average, security analysts in the UAE and KSA are unable to address 73% of daily alerts, with 85% of them being false positives and deemed not worth their time.
SOC Analysts in the UAE and KSA Lack Effective Tools:
Despite a majority of SOC analysts considering their tools to be effective, the presence of blind spots and the high volume of false positive alerts prevent regional enterprises and their SOC teams from effectively managing cyber risks. Key findings include:
– 96% of surveyed UAE and KSA SOC analysts worry about missing relevant security events due to an overwhelming flood of alerts. Yet, most analysts still find their tools effective overall.
– 40% of UAE and KSA security analysts believe alert overload is common because vendors fear not flagging an event that could be crucial.
– 43% claim that security tools are often purchased just to fulfill compliance requirements, and 54% wish IT team members would consult them before investing in new products.
UAE and KSA Security Analysts Face Burnout, Endangering Organizational Security:
Despite the increasing adoption of AI and automation, the security industry in the UAE and KSA still relies heavily on human analysts to interpret data, conduct investigations, and take remedial action based on intelligence. The study found:
– Despite 73% of UAE and KSA respondents claiming their job meets expectations, 74% are considering leaving or actively leaving their job.
– Of those analysts contemplating leaving, 31% say it’s due to spending excessive time sifting through poor-quality security alerts.
– 48% of regional analysts feel overwhelmed with work, as if they’re doing the job of multiple people, and 44% don’t consider working in the security sector a viable long-term career option.
Kevin Kennedy, Senior Vice President of Products at Vectra AI, emphasized the urgent need for change in the threat detection approach. He highlighted that the current surplus of disparate and siloed tools generates excessive detection noise for SOC analysts, creating an ideal environment for attackers. He urged the industry to hold security vendors accountable for the effectiveness of their signals, as more effective threat signals lead to increased cyber resilience and SOC effectiveness.
