Your security operations center (SOC) is barraged with so many alerts that your team may be shell-shocked into believing that they are under a constant and unmanageable assault.
Indeed, they are under siege—from a constant barrage of data. Alert fatigue is not just an industry buzz phrase—it’s a very real phenomenon that even the most well-resourced SOCs find themselves facing.
A recent report found that 10 percent of security operations center teams are inundated with more than 15,000 security alerts each and every day. And according to a Ponemon survey of IT security professionals, 37 percent of respondents faced more than 10,000 alerts per day, and more than half of those were false positives, which can easily cost organizations thousands of wasted hours and millions of wasted dollars every year.
If you’d like to learn more facts about the SOC, download the full infographic here.
Realistically, many “true positives” are for events of very low value, such as reconnaissance scans. Most scans never turn into an incident, and the ones that do often don’t correlate with any information that can be used to defend against the attack.
It’s also common to lose the signal in the noise: spending too much time on low-value alerts means you could miss actual, impactful attacks.