Nearly three in four organizations (70 percent) are struggling to keep up with the volume of alerts generated by their security analysis tools. This translates into a lack of resources for key strategic tasks, leading organizations to turn to process automation and outsourcing, as shown in the recent ESG study, SOC Modernization and the Role of XDR, commissioned by Kaspersky .
In addition to the volume of alerts, however, the variety of alerts also poses a challenge for more than two-thirds (67 percent) of those employed in a security operations center (SOC). Both factors make it difficult for SOC analysts to focus on more complex and important tasks focus. At one in three companies (34 percent), cybersecurity teams, overwhelmed by alerts and emergency security issues, don't have enough time to focus on strategy and process optimizations.
Lack of staff is not the problem
The study also shows that companies do not attribute this situation to a lack of staff. 83 percent believe their SOC has enough staff to effectively protect a company of their size. However, they believe that it would be necessary to automate processes and use external services. More than half of those surveyed (55 percent) see the primary reason for using managed services as giving their staff more time to focus on more strategic initiatives rather than spending time on security operations tasks.
"Instead of proactively looking for advanced threats and evasive threats in infrastructure, SOC analysts can currently only respond to emergencies," said Yuliya Andreeva, senior product manager at Kaspersky. “Reducing the number of alerts, automating their consolidation and correlation into incident chains, and reducing overall response time should be the focus for organizations to improve the performance of their SOC. They can achieve this through appropriate automation solutions and external experts.”
Recommendations for optimizing SOC operations
- Organize work shifts in the SOC to avoid staff overload. Distribute the main tasks such as monitoring, investigation, IT architecture and engineering, administration and SOC management to all employees.
- Leverage a comprehensive threat intelligence service [2] that enables the integration of machine-readable intelligence with existing security controls, such as a SIEM system. This can automate the initial triage process and generate enough context to decide whether to investigate an alert immediately.
- To free the SOC from routine alert triage tasks, organizations can turn to proven managed detection and response services. Kaspersky Managed Detection and Response [3] combines AI-based detection technologies with extensive threat hunting and incident response expertise from professional units, including the Kaspersky Global Research & Analysis Team (GReAT).
About Kaspersky Kaspersky is an international cybersecurity company founded in 1997. Kaspersky's in-depth threat intelligence and security expertise serve as the basis for innovative security solutions and services to protect companies, critical infrastructures, governments and private users worldwide. The company's comprehensive security portfolio includes leading endpoint protection as well as a range of specialized security solutions and services to defend against complex and evolving cyber threats. Kaspersky technologies protect over 400 million users and 250.000 corporate customers. More information about Kaspersky can be found at www.kaspersky.com/