FireEye Report: MSSPs Have ‘Fear of Missing Incidents’ (FOMI)

Fear of missing incidents (FOMI) and alert fatigue are "real" problems for many MSSP security analysts and managers, according to "The Voice of the Analysts: Improving Security Operations Center Processes Through Adapted Technologies" report from FireEye.

Notable findings from FireEye's report included:

In addition, FireEye's report revealed MSSP security analysts and managers are increasingly dealing with "alert overload," which is reflected in the following results:

MSSP security analysts and managers often face hundreds or thousands of alerts daily, FireEye noted. Meanwhile, they must sort through these alerts to find potential breaches, which can lead to FOMI and alert fatigue.

FOMI and alert fatigue can cause MSSP security analysts and managers to tune out alerts, FireEye indicated. To combat FOMI and alert fatigue, analysts and managers can use security solutions that automate threat hunting, cyber investigations and other security operations.

What Are the Top Tools to Investigate Security Alerts?

Security orchestration, automation and response (SOAR), security information and event management (SIEM) and threat hunting were among the top tools that security teams used to investigate security alerts, according to FireEye's report. Furthermore, 40 percent of security analysts said they use artificial intelligence and machine learning technologies alongside these tools.

MSSP security analysts and managers are being overwhelmed by false-positive alerts from disparate solutions, FireEye VP of Customer Success Chris Triolo said. Extended detection and response (XDR) and other automation tools may help security analysts and managers alleviate this issue.