Fidelis Report Reveals Most Security Alerts Not Triaged by SOCs

Written by Sean Michael Kerner
Published March 21, 2018

Fidelis Cybersecurity released its State of the SOC (Security Operations Center) report on March 21, providing insights into the current state of IT security operations.

The 16-page report, based on research conducted by 360Velocity for Fidelis, exposes a number of shortcomings in modern SOCs. Among the highlights of the report is the finding that a high percentage of alerts are not addressed each day.

“The research found that 83 percent of surveyed companies do not even triage half of their alerts and only 6 percent triaged 75 percent or more alerts per day,” Sam Erdheim, vice president at Fidelis Cybersecurity, told eWEEK. “The sheer volume of alerts that goes unaddressed each day speaks volumes about SOC inefficiencies and ultimately what is missed each and every day.”

There are multiple reasons why organizations do not investigate most of the security alerts they receive. One reason, according to the Fidelis report, is volume: 60 percent of SOC analysts reported that they are only able to handle seven to eight investigations a day.

One way to boost efficiency in SOC operations is to integrate different security controls, but that is not happening in most SOCs. Fidelis’ report found that 70 percent of survey respondents said that at least half of their security controls were not integrated. Erdheim noted that certain controls, when integrated into a SOC, can help improve response.

“A key security integration point is with breach detection and EDR [endpoint detection and response] products,” he said. “For example, with the capabilities integrated, an alert from the breach detection system could be prevalidated on the endpoint, allowing for faster alert triaging and response.”

Automation is another key element that can improve SOC operations. Erdheim said automating tasks such as combining similar alerts can save tremendous time by reducing duplicate effort. He added, however, that in his view actual investigations should stay with human analysts.

Metrics

There are many different metrics used by SOCs to measure the efficiency of incident response operations. According to the study, 80 percent of respondents held the view that the metrics they use are “not effective” or “had room for improvement.”

Erdheim noted several common metrics that he has seen Fidelis customers use in their SOCs today, including average investigation process time, percent of alerts triaged per day, time to respond to and remediate a breach or threat, and average cost per incident investigated.

“Metrics that show the alert coverage [i.e., alerts triaged vs. abandoned] is a key one as we have seen how many are ultimately abandoned, and that’s a metric that is easily trackable and which can be improved upon,” he said. “More strategic metrics revolve around how many investigations, or what percent of investigations were completed with a conclusion, and number of investigations that led to reprioritization of security approach.”

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.
