Security operations center (SOC) practitioners believe they are losing the battle to detect and prioritise real threats due to too many siloed tools and a lack of accurate attack signal, according to a report from Vectra AI.
The report is based on a June 2024 study commissioned by Vectra AI and carried out by Sapio Research.
The study was conducted among 2,000 individuals who are involved in cybersecurity within their organizations, or who influence cybersecurity decisions, at organizations with at least 1,000 employees. Respondents are based in North America (500), Europe (850), Asia-Pacific (400), and the Middle East (250).
Survey respondents cite a growing distrust in vendors, believing their tools can be more of a hindrance than help in spotting real attacks. This is at odds with growing confidence in their teams’ abilities and a sense of optimism around the promise of artificial intelligence (AI).
The hybrid attack landscape continues to expand as organizations increasingly turn to generative AI-powered tools to streamline processes and enhance their work. This creates more opportunities for attackers and challenges for security teams who are already struggling with security alert noise and false positives.
Even though SOC teams are more confident in their defenses than they were a year ago, many feel they do not have the right tools to help them effectively detect and prioritize real threats.
Many SOC teams are managing too many tools and still struggle with an overwhelming number of alerts, leading to concerns about missing critical threats. This is driving a lack of confidence and trust in the threat detection tools practitioners currently use, and is prompting them to seek alternatives such as extended detection and response (XDR).
The study found that nearly three-quarters (73% vs global 71%) of APAC SOC practitioners worry they will miss a real attack buried in a flood of alerts and 51% (same as global) believe they cannot keep pace with the increasing number of security threats.
Nearly half (45% vs global 47%) of practitioners do not trust their tools to work the way they need them to work, while 52% (global 54%) say the tools they work with actually increase the SOC workload instead of reducing it.
Practitioners also continue to struggle with alert accuracy, with a significant number of alerts going unaddressed due to time constraints and insufficient tool support. While there are signs of improvement in areas like visibility across hybrid environments, the overwhelming volume of alerts remains a significant issue.
The study also found that 56% (global 60%) of APAC SOC practitioners say vendors are selling threat detection tools that create too much noise and too many alerts, while 69% (global 71%) say vendors need to take more responsibility for failing to stop a breach.
Almost half (46% vs global 50%) of SOC practitioners say their security tools are more of a hindrance than help when it comes to spotting real attacks, noting that realistically, they are only able to deal with 38% (same as global) of the alerts they receive, while they would classify 17% (global 16%) of them as “real attacks.”
SOCs are increasingly adopting AI to improve threat detection and response, driven by a growing trust in AI’s capabilities. However, for AI to truly gain widespread acceptance, vendors must work to rebuild trust by delivering tools that add real value without increasing the burden on SOC teams.
The study found that 82% (global 85%) of APAC SOC practitioners say their level of investment and use of AI has increased in the last year, with 63% (global 67%) noting that AI has had a positive impact on their ability to identify and deal with threats.
Also, 87% (global 89%) of SOC practitioners plan to use more AI-powered tools over the next year to replace legacy threat detection and response.
“The data suggests that the tools being used for threat detection and response, along with the vendors who sell them, aren’t holding up their end of the deal,” said Mark Wojtasiak, VP of research and strategy at Vectra AI.