Cyber Threat Alerts Give Way to False Positives
Data breaches are at an all-time high, and the methods malicious actors use against vulnerable organizations are growing more sophisticated. As a result, security teams face unprecedented challenges in protecting their organizations, according to the Panther Labs report.

Compounding the problem, threat detection and response work is hampered by tools that have not evolved to handle the massive volume of data generated by today's cloud infrastructure and applications.

With this reality in mind, Panther Labs offers these key findings:

- 55% of respondents have built their own detection and response tool, but fewer than half found it highly effective. The need to build their own tools likely stems from dissatisfaction with the tools available. In fact, 25% said the tool they built was highly ineffective.
- The biggest challenge is efficiency. Most respondents say efficiency issues, such as time wasted on false positives and a lack of efficient processes, are their biggest challenges today.
- Automation would make them more effective. Respondents believe that automating manual tasks would have the greatest impact on making security operations more efficient.
- Over the last 12 months, 48% of respondents have seen a three-fold increase in the number of alerts per day. This alarming growth rate, says Panther Labs, compounds an already problematic situation for teams that are stretched thin.
- More than 50% of respondents find that at least half of their alerts are false positives. Managing a high volume of false positives contributes to alert fatigue and undermines security teams' ability to focus on higher-value tasks.
Panther Labs Issues Wakeup Call
Jack Naglieri, CEO and founder of Panther Labs, adds perspective to his company's research:

"Threat detection and response at modern scale is challenging, no matter how large or experienced your team is. The answers provided by our respondents confirm what many security practitioners experience firsthand every day: commercial tools are often not living up to their expectations, but security teams also struggle to build their own internal tooling that can perform as needed."