Significant time wasted chasing false positives

Research indicates an urgent need for newer SIEM technologies that increase SOC analyst productivity and improve security effectiveness as U.S. enterprises struggle to respond to nearly 4,000 alerts per week.

Exabeam and the Ponemon Institute have published joint research revealing that, on average, security personnel in U.S. enterprises waste approximately 25 percent of their time chasing false positives because security alerts or indicators of compromise (IOCs) are erroneous. The report also highlighted the need for security operations centre (SOC) productivity improvements, citing that security teams must evaluate and respond to nearly 4,000 security alerts per week.

The persistent struggle to improve productivity revealed the need for newer security information and event management (SIEM) technologies such as user and entity behaviour analytics (UEBA) and security orchestration, automation and response (SOAR). While the study found that chasing false positives is the most time-consuming task for security teams, it also showed that 1) investigating actionable intelligence and building incident timelines and 2) cleaning, fixing and/or patching networks, applications and devices resulting from an incident each take over 15 percent of a security team’s time. These inefficiencies can stymie response times to cyberattacks, leaving organisations vulnerable to data and financial losses for longer periods.

However, the report found that modern SIEM technologies such as UEBA and SOAR can significantly improve productivity. Exabeam was able to reduce total time spent by enterprises on security tasks by 51 percent. Other SIEM solutions were only able to reduce the total time by less than a third (31 percent).

SIEMs are central to SOC cybersecurity: they collect logs and data from multiple network sources so that network events can be evaluated, analysed and correlated for threat detection. Modern SIEMs are more effective because they leverage machine learning and behaviour analytics to identify increasingly sophisticated cyberattacks and highly targeted hack techniques. When used in conjunction with a full arsenal of tools such as intelligent incident timeline construction and automated response, modern SIEMs provide significantly more context about how attackers think and work and what they are after.

“Our research determined that SIEMs, Exabeam’s in particular, save time, increase productivity and improve security effectiveness for security teams,” said Larry Ponemon, chairman and founder of the Ponemon Institute. “Exabeam provides enterprise security teams with the gift of time through a compelling user-based pricing model and modern features like behavioural analytics, machine-built timelines, automated incident response playbooks, and use case-specific content such as parsers, rules, models, playbooks and reports.”

The report further highlights that security operations teams are underwater. In approximately 80 percent of companies, SIEM solutions do not help reduce their headcount costs. Instead, improved productivity allows security leadership to better deliver on their existing mandates. This is especially important considering that one-third of respondents to the Exabeam 2019 State of the SOC Report reported being understaffed, with the most common shortage being 6-10 employees.
