Time spent managing security alerts costs enterprise $250,000 a year
London, UK, July 23 2020 – More than half (51%) of security analysts regard time spent on mundane tasks as the worst part of working in a Security Operations Centre (SOC) according to new research from SIRP Labs, released today. In fact, there is a strong correlation between how much time is spent managing alerts and frustration with 58% of those spending between 10% and 50% of their day on alerts voicing their frustration.
The findings are part of an independent study by Sapio Research commissioned by SIRP Labs, a leading Risk-based Security Orchestration, Automation and Response (SOAR) platform provider, following interviews with 250 security analysts in July 2020.
The average SOC leaves plenty of room for improvement. Almost a third (29%) of respondents believe missed alerts due to high volumes are a significant, even serious, problem. In companies of 1,000-2,500 employees the figure rises to 46%. Elsewhere, 1-in-4 alerts prove to be false positives leaving half (51%) of survey respondents frustrated to a greater or lesser extent with current processes for investigating threats. On average, time spent managing security alerts in man hours alone is costing organisations $253,5401 a year the study also reveals.
Among other salient points captured in the survey, the average enterprise SOC receives 840 security alerts every day (significantly for 10% of respondents the figure is substantially higher at 5,000 a day). A single security analyst earning the industry average salary of $39,151 spends just under one fifth of their time (18%) managing security alerts. In human terms alone, based on a team of 6 security analysts to a SOC, this works out at an average cost across the industry of $253,540. The alerts are generated by an average of 12 security tools (28%) - although 6-10 (35%) is more typical. On average 6-10 (24%) security analysts work in a team - while 3-5 (34%) is a more typical number.
Currently less than a third (32%) of the triage & incident response process is automated. Of the respondents in the study, 76% said process automation makes them feel good. This figure is even higher among junior managers (84%). This may help explain why the overwhelming majority (75%) of security analysts want more process automation, especially as 96% of them spend time prioritising alerts based on the risk to the organisation.
“This study graphically illustrates the human and financial cost of working in a busy, high-pressure security operations centre,” said Faiz Shuja, Co-Founder & CEO, SIRP Labs. “In general, organisations have not done enough to improve upon SOCs’ all too familiar flaws from security tool sprawl to over-reliance on mundane manual processes to missed alerts and false positives.
“It lays bare SOC analysts’ frustrations many of whom would like to see the introduction of more automation to help raise productivity as well as reduce the number of false positives and missed alerts,” he added.
SIRP is a Risk-based Security Orchestration, Automation and Response (SOAR) platform that fuses essential cybersecurity information to enable a unified cyber response. Through a single integrated platform, it drives security visibility, so decisions can be better prioritised and response time is dramatically reduced. With SIRP, the entire cybersecurity function works as a single, cohesive unit.
SIRP provides a more dynamic, complete view of incidents, threat intelligence, vulnerabilities, and risks in one place, so you can prioritise and make better decisions faster and respond more effectively. It combines security orchestration, playbook automation and case management capabilities to integrate your team, processes and tools together. SIRP makes security data instantly actionable, provides valuable intelligence and context, and enables adaptive response to complex cyber threats and vulnerabilities. For more information visit the SIRP Labs website at www.sirp.io.
# # #
Paul Shlackman, Gabby Dunne
+44 (0) 1276 486000