Steering Clear of Security Blind Spots: What SOCs Need to Know




As technologies continue to evolve and expand, organizations experience a technological paradox: Their increasing interconnectivity means that they simultaneously become more distributed. Case in point, robust cloud and networking technologies support today’s widespread adoption of hybrid and remote work arrangements, allowing employees all over the globe to work remotely full time or at least part of the time.

34% of employed persons in the US did some or all of their work at home on days they worked in 2022. (Source: US Bureau of Labor Statistics)

69% of employed persons in the US did some or all of their work at their workplace. (Source: US Bureau of Labor Statistics)

32.6M Americans will be working remotely by 2025, about 22% of the entire workforce. (Source: Upwork)

87% of US-based employees want to work flexibly, given the chance. (Source: McKinsey & Company)

The popularity of these work models has powered the proliferation of modern and distributed systems. Unfortunately, the widespread adoption of such complex infrastructures inadvertently widens the attack surface that cybercriminals can compromise using increasingly sophisticated ransomware attacks and social engineering scams.

To counter this, companies have started deploying cybersecurity tools — lots of them — to keep their data and systems protected against evolving threats and risks. In the process of doing so, however, organizations unintentionally create silos that cause bigger and costlier problems.

On average, organizations use 45 different cybersecurity solutions, and many deploy even more. Tool count is not a proxy for protection, however: teams that use more than 50 tools have been reported to be 8% less effective at detecting attacks and 7% less effective at responding to them.

More cybersecurity solutions also equate to more alerts, which can put a strain on security operations centers (SOCs). Voluminous information, false positives, and alerts — including gray alerts — can lead to SOC teams experiencing alert fatigue and escalated employee burnout.

In a 2021 Trend Micro study that involved IT and SOC teams:

70% of respondents are emotionally overwhelmed by security alert volume.

55% of respondents are not confident in their ability to prioritize and respond to alerts.

Source: Trend Micro

In the 2023 State of Enterprise DFIR survey, 54% of digital forensics and incident response (DFIR) teams revealed that they feel burned out at work, while 64% stated that alert and investigation fatigue contributed to their feeling stressed.

Alert fatigue ensues when global security operations centers (GSOCs) drown in a constant barrage of data. The sheer volume of data, coupled with non-stop false positives, can muffle crucial alerts and leave a negative impact on the effectiveness, accuracy, and well-being of SOC members.

On average, each day SOC teams:

receive 4,484 alerts (one alert every 6.42 seconds in an eight-hour workday).

spend nearly three hours manually triaging alerts (37.5% of an eight-hour workday).

are unable to deal with 67% of the alerts they receive.

Source: Help Net Security

Alert fatigue can have very costly and reputation-damaging consequences for organizations. Take the case of business communications software vendor 3CX, which suffered a supply-chain attack that security researchers disclosed in late March 2023. According to cybersecurity experts' analyses of the attack, 3CX users and the 3CX support team had seemingly dismissed security alerts about the compromise days before it was disclosed, likely treating them as false positives because they had received many of those in the past.

This article will help SOC teams minimize burnout and focus their attention, time, and energy on what’s important — potential security blind spots or attack surfaces that can cause big and expensive headaches for organizations.

SECURITY BLIND SPOTS CISOs NEED TO CATCH SIGHT OF


Thwarting silos and burnout is challenging but feasible

SOC burnout is anything but a new phenomenon. As environments become more complex and threats become more pervasive, advanced, and wide-ranging, the SOCs tasked with detecting, assessing, and mitigating these attacks will continue to be overwhelmed and overworked.

Admittedly, solving the SOC burnout problem is no easy feat. Corporate leaders need to actively communicate and collaborate with SOC teams to relieve stress, set realistic metrics and action items, and identify barriers to productivity.

Organizations also need to invest in security solutions that help their SOC teams offload the stressful and time-consuming parts of the job that can be automated, such as reporting and sifting through troves of information and alerts, so that analysts can shift their focus to analyzing and mitigating threats.
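To make the "sifting through alerts" step concrete, the following is an added example (not code from the original article or from any Trend Micro product) of the two automations that cut raw alert volume down to something a triage queue can hold: collapsing repeated firings of the same rule on the same host into one incident with a hit count, and ranking the resulting incidents so that severity dominates and a flood of low-severity repeats cannot outrank a single critical alert. The alert records, rule names, host names, time window, and weights are all constructed for illustration; the rules do not correspond to any vendor's detections.

```python
"""Illustrative alert de-duplication and prioritization for SOC triage.

Added example; the alerts, rule names, hosts, and weights below are
constructed sample data, not output from any real product.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed severity weights (constructed for this example).
SEVERITY_WEIGHT = {"low": 1, "medium": 3, "high": 7, "critical": 10}

# Constructed sample alerts. The same rule firing repeatedly on one host is
# the usual source of noise; the single critical alert on ws-004 is the kind
# of signal that gets buried in it.
SAMPLE_ALERTS = [
    {"ts": "2023-03-22T09:00:00", "rule": "suspicious_dns_beacon", "host": "ws-017", "severity": "medium"},
    {"ts": "2023-03-22T09:00:30", "rule": "suspicious_dns_beacon", "host": "ws-017", "severity": "medium"},
    {"ts": "2023-03-22T09:01:00", "rule": "suspicious_dns_beacon", "host": "ws-017", "severity": "medium"},
    {"ts": "2023-03-22T09:01:30", "rule": "suspicious_dns_beacon", "host": "ws-017", "severity": "medium"},
    {"ts": "2023-03-22T09:02:00", "rule": "suspicious_dns_beacon", "host": "ws-017", "severity": "medium"},
    {"ts": "2023-03-22T09:02:30", "rule": "suspicious_dns_beacon", "host": "ws-017", "severity": "medium"},
    {"ts": "2023-03-22T09:05:00", "rule": "failed_login_burst", "host": "dc-01", "severity": "low"},
    {"ts": "2023-03-22T09:06:00", "rule": "failed_login_burst", "host": "dc-01", "severity": "low"},
    {"ts": "2023-03-22T09:07:00", "rule": "failed_login_burst", "host": "dc-01", "severity": "low"},
    {"ts": "2023-03-22T09:20:00", "rule": "failed_login_burst", "host": "ws-004", "severity": "low"},
    {"ts": "2023-03-22T09:45:00", "rule": "signed_binary_loads_unsigned_dll", "host": "ws-004", "severity": "critical"},
    # Same beacon rule again hours later: outside the window, so a new incident.
    {"ts": "2023-03-22T11:30:00", "rule": "suspicious_dns_beacon", "host": "ws-017", "severity": "medium"},
]


def aggregate(alerts, window=timedelta(minutes=30)):
    """Collapse repeated (rule, host) alerts into incidents.

    An alert joins the most recent incident with the same (rule, host) key if
    it fires within `window` of that incident's last hit; otherwise it opens a
    new incident. The raw hit count is kept so nothing is silently discarded.
    """
    incidents = []
    last_by_key = {}
    for alert in sorted(alerts, key=lambda a: a["ts"]):  # ISO-8601 sorts lexically
        key = (alert["rule"], alert["host"])
        ts = datetime.fromisoformat(alert["ts"])
        inc = last_by_key.get(key)
        if inc is not None and ts - inc["last_seen"] <= window:
            inc["count"] += 1
            inc["last_seen"] = ts
        else:
            inc = {"rule": alert["rule"], "host": alert["host"],
                   "severity": alert["severity"], "first_seen": ts,
                   "last_seen": ts, "count": 1}
            incidents.append(inc)
            last_by_key[key] = inc
    return incidents


def score(inc, hosts_affected):
    """Priority score: severity dominates; repeats add a small capped bonus so
    a flood cannot outrank one critical; spread across hosts adds more, since
    the same rule firing on several machines suggests lateral activity."""
    base = SEVERITY_WEIGHT[inc["severity"]]
    repeat_bonus = min(inc["count"] - 1, 5) * 0.2   # at most +1.0
    spread_bonus = (hosts_affected - 1) * 2
    return base + repeat_bonus + spread_bonus


def prioritize(incidents):
    """Return (score, incident) pairs, highest priority first."""
    hosts_per_rule = defaultdict(set)
    for inc in incidents:
        hosts_per_rule[inc["rule"]].add(inc["host"])
    ranked = [(score(inc, len(hosts_per_rule[inc["rule"]])), inc) for inc in incidents]
    ranked.sort(key=lambda pair: pair[0], reverse=True)
    return ranked


def triage(alerts):
    """Full pipeline: returns (raw_alert_count, incident_count, ranked_incidents)."""
    incidents = aggregate(alerts)
    return len(alerts), len(incidents), prioritize(incidents)


if __name__ == "__main__":
    raw, collapsed, ranked = triage(SAMPLE_ALERTS)
    print(f"{raw} raw alerts -> {collapsed} incidents")
    for s, inc in ranked:
        print(f"{s:5.1f}  {inc['severity']:<8} {inc['rule']:<34} {inc['host']:<7} x{inc['count']}")
```

On the constructed input, 12 raw alerts collapse to 5 incidents, and the single critical DLL-sideloading-style alert lands at the top of the queue even though the medium-severity beacon rule produced six times as many events. Two caveats matter in practice: aggregation should only shrink the queue an analyst sees, never delete the underlying alerts or their counts, because a rule that keeps firing on one host for days (the pattern reported in the 3CX case above) is itself a signal; and the weights and window are tuning knobs that need to be reviewed against real data, not constants to copy.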

Trend Vision One™, a cloud-native security operations platform that serves cloud, hybrid, and on-premises environments, can help SOC teams break down silos and improve their security posture. Trend Vision One combines attack surface risk management (ASRM) and extended detection and response (XDR) in a single console to effectively manage cyber risk across your organization, arming it with powerful risk insights, earlier threat detection, and automated risk and threat response options.

Trend Vision One delivers the broadest native XDR sensor coverage in the cybersecurity market. The platform’s native-first, hybrid approach to XDR and ASRM benefits security teams by delivering richer activity telemetry — not just detection data — across security layers with full context and understanding. This results in earlier, more precise risk and threat detection and more efficient investigation.

While tackling the SOC burnout problem remains challenging, organizations can still be empowered to focus on improving communications and workflows and providing their SOC teams with tools that put visibility and automation at the forefront.


Published in Security Technology, Research