    Fidelis Report Reveals Most Security Alerts Not Triaged by SOCs

    By Sean Michael Kerner - March 21, 2018

      Fidelis Cybersecurity released its State of the SOC (Security Operations Center) report on March 21, providing insights into the current state of IT security operations.

      The research behind the 16-page report was conducted by 360Velocity for Fidelis, and it exposes a number of shortcomings in modern SOCs. Among the report’s highlights is the finding that a high percentage of alerts are not addressed each day.

      “The research found that 83 percent of surveyed companies do not even triage half of their alerts and only 6 percent triaged 75 percent or more alerts per day,” Sam Erdheim, vice president at Fidelis Cybersecurity, told eWEEK. “The sheer volume of alerts that goes unaddressed each day speaks volumes about SOC inefficiencies and ultimately what is missed each and every day.”

      There are multiple reasons why organizations do not investigate most of the security alerts received. One reason, according to the Fidelis report, is volume, with 60 percent of SOC analysts reporting that they are only able to handle seven to eight investigations a day.

      One way to help boost efficiency in SOC operations is by integrating different security controls, but unfortunately that’s not happening in most SOCs. Fidelis’ report found that 70 percent of survey respondents said that at least half of their security controls were not integrated. Erdheim noted that there are certain controls that, when integrated into an SOC, can help improve response.

      “A key security integration point is with breach detection and EDR [endpoint detection and response] products,” he said. “For example, with the capabilities integrated, an alert from the breach detection system could be prevalidated on the endpoint, allowing for faster alert triaging and response.”

      Automation is another key element that can improve SOC operations. Erdheim said automating tasks such as combining similar alerts can save tremendous time by reducing duplicate efforts. He added, however, that in his view actual investigations should stay with human analysts.

      Metrics

      There are many different metrics used by SOCs to measure the efficiency of incident response operations. According to the study, 80 percent of respondents held the view that the metrics they use are “not effective” or “had room for improvement.”

      Erdheim noted that there are several common metrics used by SOCs today that he has seen Fidelis customers use, including average investigation process time, percent of alerts triaged per day, time to respond and remediate a breach/threat, and average cost per incident investigated.

      “Metrics that show the alert coverage [i.e., alerts triaged vs. abandoned] is a key one as we have seen how many are ultimately abandoned, and that’s a metric that is easily trackable and which can be improved upon,” he said. “More strategic metrics revolve around how many investigations, or what percent of investigations were completed with a conclusion, and number of investigations that led to reprioritization of security approach.”
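
      As an added illustration (not part of the eWEEK article or the Fidelis report), the Python sketch below computes two of the metrics Erdheim lists, alert coverage and average investigation time, and shows how combining similar alerts changes the coverage figure. The alert records, field names, status labels and the 30-minute grouping window are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample data (not from the report): one day of alerts as
# (id, rule, host, opened, closed, status); closed is None when abandoned.
RAW = [
    (1, "beacon-http", "ws-014", "09:00", "09:40", "triaged"),
    (2, "beacon-http", "ws-014", "09:10", None, "abandoned"),
    (3, "beacon-http", "ws-014", "09:20", None, "abandoned"),
    (4, "susp-powershell", "srv-02", "10:00", "10:20", "triaged"),
    (5, "dns-tunnel", "ws-031", "11:00", None, "abandoned"),
    (6, "dns-tunnel", "ws-031", "11:05", None, "abandoned"),
    (7, "beacon-http", "ws-014", "15:00", None, "abandoned"),
    (8, "malware-hash", "ws-007", "16:00", "17:00", "triaged"),
]

def parse(rows, day="2018-03-20"):
    ts = lambda t: datetime.fromisoformat(f"{day}T{t}") if t else None
    return [dict(id=i, rule=r, host=h, opened=ts(o), closed=ts(c), status=s)
            for i, r, h, o, c, s in rows]

def group_similar(alerts, window=timedelta(minutes=30)):
    """Combine alerts with the same rule and host that arrive within
    `window` of the previous alert in the group (assumed similarity rule)."""
    groups, latest = [], {}
    for a in sorted(alerts, key=lambda a: a["opened"]):
        key = (a["rule"], a["host"])
        g = latest.get(key)
        if g and a["opened"] - g[-1]["opened"] <= window:
            g.append(a)
        else:
            g = latest[key] = [a]
            groups.append(g)
    return groups

def alert_coverage(alerts):
    """Percent of individual alerts that were triaged."""
    hits = sum(a["status"] == "triaged" for a in alerts)
    return 100.0 * hits / len(alerts) if alerts else 0.0

def group_coverage(groups):
    """Percent of combined groups where at least one member was triaged."""
    hits = sum(any(a["status"] == "triaged" for a in g) for g in groups)
    return 100.0 * hits / len(groups) if groups else 0.0

def avg_investigation_minutes(alerts):
    """Mean open-to-close time over alerts that were actually investigated."""
    done = [a for a in alerts if a["closed"]]
    total = sum((a["closed"] - a["opened"]).total_seconds() for a in done)
    return total / 60 / len(done) if done else 0.0

ALERTS = parse(RAW)
```

      On this sample, coverage measured per raw alert and coverage measured per combined group differ, so a SOC tracking the metric should state which of the two it is reporting.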

      Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.
