
Security teams spend 25% of their time chasing false positives

07 Aug 2019

More than 25% of IT security teams' time is spent chasing false positives because there is too much error in security alerts and indicators of compromise (IOCs).

That’s according to research from the Ponemon Institute and Exabeam, which highlights an urgent need for enterprises to improve and modernise their security operations centre (SOC) productivity.

The study, conducted on security personnel from the United States, found that teams typically respond to 4000 security alerts per week.

While false positives were found to be the primary concern for security teams, the report also showed that teams were concerned about investigating actionable intelligence, building incident timelines, and cleaning, fixing and/or patching networks.

Cleaning, fixing and patching the applications and devices affected by an incident each take more than 15% of a security team's time. These inefficiencies can stymie response times to cyber attacks, leaving organisations vulnerable to data and financial losses for longer periods.

While security information and event management (SIEM) tools are important assets in security, organisations also need to look at newer technologies such as user and entity behaviour analytics (UEBA) and security orchestration, automation, and response (SOAR).

“SIEMs are central to SOC cybersecurity for collecting logs and data from multiple network sources for the evaluation, analysis and correlation of network events used for threat detection,” notes the report.

“However, modern SIEMs are most effective because they leverage machine learning and behaviour analytics to identify increasingly sophisticated cyberattacks and highly targeted hack techniques. When used in conjunction with a full arsenal of tools like intelligent incident timeline construction and automated response, modern SIEMs provide significantly more context for how attackers think, work or what they are after.”

Organisations are seeing value from SIEM investments in a short period of time due to the improvement in IT security team effectiveness. 

The report further highlights that in approximately 80% of companies, SIEM solutions do not help reduce their headcount costs. Instead, improved productivity allows security leadership to better deliver on their existing mandates. 

“Our research determined that SIEMs save time, increase productivity and improve security effectiveness for security teams,” comments the Ponemon Institute chairman and founder Larry Ponemon.

The Ponemon survey, sponsored by Exabeam, sought the opinions of 596 experienced IT and IT security practitioners in the United States. 

All respondents were familiar with their organisation’s SIEM deployment and involved in the detection, investigation and/or remediation of security threats inside its network. Among those respondents, a subsample included 42 Exabeam customers.
