More than half of security analysts frustrated with lack of progress over mundane tasks, new research from SIRP Labs reveals
July 2020 by SIRP Labs
More than half (51%) of security analysts regard time spent on mundane tasks as the worst part of working in a Security Operations Centre (SOC), according to new research from SIRP Labs, released today. In fact, there is a strong correlation between how much time is spent managing alerts and frustration, with 58% of those spending between 10% and 50% of their day on alerts voicing their frustration.
The findings are part of an independent study by Sapio Research commissioned by SIRP Labs, a leading Risk-based Security Orchestration, Automation and Response (SOAR) platform provider, following interviews with 250 security analysts in July 2020.
Room for improvement
The average SOC leaves plenty of room for improvement. Almost a third (29%) of respondents believe missed alerts due to high volumes are a significant, even serious, problem. In companies of 1,000-2,500 employees the figure rises to 46%. Elsewhere, 1 in 4 alerts prove to be false positives, leaving half (51%) of survey respondents frustrated to a greater or lesser extent with current processes for investigating threats. On average, time spent managing security alerts is costing organisations £200,601 a year in man hours alone, the study also reveals.
Among other salient points captured in the survey, the average enterprise SOC receives 840 security alerts every day (significantly, for 10% of respondents the figure is substantially higher, at 5,000 a day). A single security analyst earning the industry average salary of £30,957 spends just under one fifth of their time (18%) managing security alerts. In human terms alone, based on a team of 6 security analysts to a SOC, this works out at an average cost across the industry of £200,601. The alerts are generated by an average of 12 security tools (28%), although 6-10 (35%) is more typical. On average 6-10 (24%) security analysts work in a team, while 3-5 (34%) is a more typical number.
What progress looks like
Currently less than a third (32%) of the triage & incident response process is automated. Of the respondents in the study, 76% said process automation makes them feel good. This figure is even higher among junior managers (84%). This may help explain why the overwhelming majority (75%) of security analysts want more process automation, especially as 96% of them spend time prioritising alerts based on the risk to the organisation.
“This study graphically illustrates the human and financial cost of working in a busy, high-pressure security operations centre,” said Faiz Shuja, Co-Founder & CEO, SIRP Labs. “In general, organisations have not done enough to improve upon SOCs’ all too familiar flaws, from security tool sprawl to over-reliance on mundane manual processes to missed alerts and false positives.
“It lays bare SOC analysts’ frustrations, many of whom would like to see the introduction of more automation to help raise productivity as well as reduce the number of false positives and missed alerts,” he added.