Half (51pc) of security analysts regard time spent on mundane tasks as the worst part of working in a Security Operations Centre (SOC), according to new research from SIRP Labs, a cyber intelligence and incident management firm. There is a strong correlation between the share of the day spent managing alerts and frustration: 58pc of those spending between 10pc and 50pc of their day on alerts voiced frustration.
The findings are part of an independent study by Sapio Research commissioned by SIRP Labs, a Risk-based Security Orchestration, Automation and Response (SOAR) platform, following interviews with 250 security analysts in July 2020.
The average SOC leaves room for improvement, the study suggests. Almost a third (29pc) of respondents believe alerts missed because of high volumes are a significant, even serious, problem; in companies of 1,000 to 2,500 employees the figure rises to 46pc. Elsewhere, one in four alerts proves to be a false positive, leaving half (51pc) of respondents frustrated to a greater or lesser extent with their processes for investigating threats. The study also finds that time spent managing security alerts, in man hours alone, costs organisations an average of £200,601 a year.
Among other points in the survey, the average enterprise SOC receives 840 security alerts every day; for 10pc of respondents the figure is substantially higher, at 5,000 a day. A single security analyst earning the industry average salary of £30,957 spends just under one fifth of their time (18pc) managing security alerts. In human terms alone, based on a team of six security analysts per SOC, this works out at an average cost across the industry of £200,601. The alerts are generated by an average of 12 security tools (reported by 28pc), although six to ten tools (35pc) is the more common answer. Likewise, the average team has 6-10 security analysts (24pc), while 3-5 (34pc) is the more typical size.
Only a third (32pc) of the triage and incident response process is automated. Of the respondents in the study, 76pc said process automation makes them feel good, a figure that is even higher among junior managers (84pc). This may help explain why a majority (75pc) of security analysts want more process automation, especially as 96pc of them spend time prioritising alerts based on the risk to the organisation.
Faiz Shuja, Co-Founder and CEO of SIRP Labs, said: “This study graphically illustrates the human and financial cost of working in a busy, high-pressure security operations centre. In general, organisations have not done enough to improve upon SOCs’ all too familiar flaws, from security tool sprawl to over-reliance on mundane manual processes to missed alerts and false positives.
“It lays bare SOC analysts’ frustrations, many of whom would like to see the introduction of more automation to help raise productivity as well as reduce the number of false positives and missed alerts.”