- Overburdened analysts: Meritalk found that 68% of security teams are overwhelmed by the amount of data to be processed, and 78% feel that, as a result, they have no opportunity to proactively address threats. Teams reactively run from fire to fire, and burnout levels are high because so much responsibility is placed on the shoulders of very few people. This unnecessary noise creates additional layers of complexity which further obscure the true picture of what’s taking place.
- Unresolved alerts: With tens of thousands of alerts, many of which are false positives, coming in each month from a slew of disparate tools, it’s no wonder that events slip through the cracks. In fact, the high-profile Target breach of 2013 was in part due to an alert that went uninvestigated.
- The work has become overly complex: It takes a person of a certain skill set to be capable of dealing with the high volume of alerts and numerous individual tools and platforms intricately involved with keeping a SOC moving. It’s a nuanced process that poses a challenge to even the most qualified security personnel. And the confusion created by these different point “solutions” causes additional frustration among analysts.