September 27, 2020

“2020 State of SecOps and Automation” report: the number of security alerts doubled

2 min read

Sumo Logic recently released the results of a global SOC and SecOps security operation survey, which revealed the obstacles and difficulties faced by security professionals in the modernization of the security operations center (SOC).

The following is the highlight information of the “2020 State of SecOps and Automation” report:
The complexity of traditional SIEM products and the desire to improve the efficiency of mass alarm information management are driving the combination of cloud-native SIEM and security automation functions to effectively respond to SOC challenges.

Today’s security operations team faces constant threats to potential security risks, which can lead to serious consequences, including losing customers, reducing brand reputation, and reducing revenue. To effectively minimize risks and bridge the gap, many companies rely on automated solutions that provide real-time analysis of security alerts. These findings highlight the challenges facing the SOC team in a cloud-centric world, but more importantly, reveal why companies are actively seeking cloud-native alternatives for security analysis and operations.

The study shows that the increasing number of security alerts that need to be managed is a major issue for IT security professionals. Although automatic security alert processing can help alleviate this problem, for most security teams, related solutions are still evolving.

The growth of security alerts has become a major problem in security operations
  • As much as 70 percent of companies studied have reported that the number of security alerts they receive on a daily basis has at least doubled over the past five years.
  • 83% reported their security teams were dealing with “alert fatigue” from getting so many alerts flooding the SOC each day that security analysts are unable to address all of them
  • Contrary to a common belief that more alerts mean greater visibility, most enterprises report problems rather than benefits stemming from large volumes of alerts. 99% of the security teams surveyed observed multiple issues related to receiving high volumes of security alerts

The report pointed out that today enterprises need to process more data than ever before, and what makes the security operations team feel painful is that the pressure of IT security operations to meet the standards is also the greatest. Companies need to adopt solutions that can quickly identify, prioritize, and respond only to the most critical warning signals so that they will not indulge in worthless alarm overload.