Security teams spend 25 percent of their time chasing false positives

Published: Tuesday, 06 August 2019 08:46

Exabeam and the Ponemon Institute, have published research results which reveal that on average, security personnel in US enterprises waste approximately 25 percent of their time chasing false positives because security alerts or indicators of compromise (IOCs) are erroneous. The report also highlighted the need for security operations centre (SOC) productivity improvements, citing that security teams must evaluate and respond to nearly 4,000 security alerts per week.

The persistent struggle to improve productivity revealed the need for newer security information and event management (SIEM) technologies such as user and entity behaviour analytics (UEBA) and security orchestration, automation and response (SOAR).

While the study found that chasing false positives is the most time-consuming task for security teams, it also showed that investigating actionable intelligence and building incident timelines, and cleaning, fixing and/or patching networks, applications and devices resulting from an incident, each take over 15 percent of a security team’s time. These inefficiencies can extend response times to cyber attacks, leaving organizations vulnerable to data and financial losses for longer periods.
The Ponemon survey, sponsored by Exabeam, sought the opinions of 596 experienced IT and IT security practitioners in the United States. All respondents were familiar with their organization’s SIEM deployment and involved in the detection, investigation and/or remediation of security threats inside its network.

More details.