Fear of missing incidents (FOMI) and alert fatigue are "real" problems for many MSSP security analysts and managers, according to "The Voice of the Analysts: Improving Security Operations Center Processes Through Adapted Technologies" report from FireEye.
Notable findings from FireEye's report included:
- 75 percent of security analysts are worried about missing incidents.
- 25 percent said they worry "a lot" about missing incidents.
- 6 percent of security managers have lost sleep due to fear of missing incidents.
In addition, FireEye's report revealed MSSP security analysts and managers are increasingly dealing with "alert overload," which is reflected in the following results:
- 53 percent of the alerts that security analysts and managers receive are false positives.
- 44 percent of security analysts and managers noted they ignore alerts when their queue gets too full.
- 35 percent indicated they ignore alerts to avoid "alert overload" at their SOCs.
MSSP security analysts and managers often face hundreds or thousands of alerts daily, FireEye noted, and sorting through them to find the potential breaches is what drives FOMI and alert fatigue.
FOMI and alert fatigue can cause MSSP security analysts and managers to tune out alerts, FireEye indicated. To combat FOMI and alert fatigue, analysts and managers can use security solutions that automate threat hunting, cyber investigations and other security operations.
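The report recommends automation as the remedy, but it does not show what that looks like in practice. The following is an added example, not code from FireEye or the report, of the three triage steps a SOAR playbook or SIEM correlation layer typically automates before an alert reaches a human: suppressing documented false positives, collapsing repeats of the same alert into one record with a count, and ranking what remains by severity. All alert records, rule names and the suppression list are constructed for the example.

```python
"""Minimal SOAR-style alert triage: suppress tuned false positives, deduplicate
repeats and rank the remainder so the analyst queue stays short.

Added example with constructed data; not FireEye's code or report data."""
from dataclasses import dataclass
from typing import Optional

# Constructed sample alerts, roughly the shape a SIEM forwards to a SOAR.
SAMPLE_ALERTS = [
    {"rule": "brute_force_ssh", "host": "web-01", "src": "203.0.113.7", "severity": "high", "ts": 1},
    {"rule": "brute_force_ssh", "host": "web-01", "src": "203.0.113.7", "severity": "high", "ts": 2},
    {"rule": "brute_force_ssh", "host": "web-01", "src": "203.0.113.7", "severity": "high", "ts": 3},
    {"rule": "av_signature_update_failed", "host": "hr-05", "src": None, "severity": "low", "ts": 4},
    {"rule": "scanner_port_sweep", "host": "db-02", "src": "10.0.0.9", "severity": "medium", "ts": 5},
    {"rule": "new_admin_account", "host": "dc-01", "src": None, "severity": "critical", "ts": 6},
]

# Constructed tuning list: a known-benign source that fires a rule every day.
# Each entry is a set of fields that must all match; "reason" documents why.
SUPPRESSIONS = [
    {"rule": "scanner_port_sweep", "src": "10.0.0.9", "reason": "authorised vulnerability scanner"},
]

SEVERITY_SCORE = {"low": 1, "medium": 2, "high": 3, "critical": 4}


@dataclass
class TriagedAlert:
    """One row in the analyst queue: identical alerts collapsed with a count."""
    rule: str
    host: str
    src: Optional[str]
    severity: str
    count: int
    first_seen: int
    last_seen: int

    def score(self) -> int:
        # Severity dominates; repeats add a bounded bump so a flood of
        # medium alerts never outranks a single critical one.
        return SEVERITY_SCORE[self.severity] * 10 + min(self.count, 9)


def is_suppressed(alert: dict, suppressions=SUPPRESSIONS) -> bool:
    """True if every non-"reason" field of some suppression entry matches."""
    return any(
        all(alert.get(k) == v for k, v in entry.items() if k != "reason")
        for entry in suppressions
    )


def triage(alerts, suppressions=SUPPRESSIONS):
    """Return the ranked queue: suppressed alerts dropped, duplicates merged."""
    groups: dict = {}
    for a in alerts:
        if is_suppressed(a, suppressions):
            continue
        key = (a["rule"], a["host"], a["src"])  # identity of "the same alert"
        if key not in groups:
            groups[key] = TriagedAlert(a["rule"], a["host"], a["src"],
                                       a["severity"], 0, a["ts"], a["ts"])
        g = groups[key]
        g.count += 1
        g.first_seen = min(g.first_seen, a["ts"])
        g.last_seen = max(g.last_seen, a["ts"])
    return sorted(groups.values(), key=lambda g: g.score(), reverse=True)


if __name__ == "__main__":
    for item in triage(SAMPLE_ALERTS):
        print(f"{item.score():>3}  {item.severity:<8} x{item.count}  {item.rule} on {item.host}")
```

Running it turns six raw alerts into a three-row queue: the new admin account first, the SSH brute force as one row with a count of three, the AV update failure last, and the scanner sweep gone entirely. The suppression list is the part that needs discipline: every entry carries a reason so that a later reviewer can tell a deliberate tuning decision from an alert that was silenced out of fatigue, which is exactly the behaviour the survey figures describe.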
What Are the Top Tools to Investigate Security Alerts?
Security orchestration, automation and response (SOAR), security information and event management (SIEM) and threat hunting were among the top tools that security teams used to investigate security alerts, according to FireEye's report. Furthermore, 40 percent of security analysts said they use artificial intelligence and machine learning technologies alongside these tools.
MSSP security analysts and managers are being overwhelmed by false-positive alerts from disparate solutions, FireEye VP of Customer Success Chris Triolo said. Extended detection and response (XDR) and other automation tools may help security analysts and managers alleviate this issue.