Today, SIEM provider Exabeam and the Ponemon Institute announced the results of their joint research report: “Exabeam SIEM Productivity Study.” Shockingly, they discovered cybersecurity professionals spend 25% of their time chasing false positives. Additionally, Exabeam and Ponemon found that cybersecurity teams must address around 4,000 security alerts a week.
Meanwhile, in “The Exabeam 2019 State of the SOC Report,” 46% of less effective SOCs complain of slight understaffing. On average, understaffed SOCs need anywhere between six and ten employees.
The connection between the time wasted on investigating false positives and understaffed security operations centers becomes obvious. However, recognizing the problem only constitutes half the equation. How can your enterprise effectively bridge the gap of the cybersecurity staffing crisis?
How SIEM Can Mitigate False Positives
In fact, next-generation SIEM can help your IT security team recognize and ameliorate false positives faster than ever before. With contextualization, your IT security team can observe the alert’s principal actors and behaviors before the full investigation. Thus, your team can determine whether the alert actually highlighted a normal event by accident and save precious time.
Additionally, next-generation SIEM can also provide your team with automated threat detection and investigation. This saves your team time as well, even as it depends on human intelligence to function optimally. Instead of looking to replace your human intelligence, you should look to your SIEM to supplement your human expertise.
You can download the full “The Exabeam 2019 State of the SOC Report” here. Also, you can read more about the “Exabeam SIEM Productivity Study” here. Finally, to learn more about how next-generation SIEM can prevent false positives, check out the 2019 SIEM Buyer’s Guide! We dive into the top vendors and their key capabilities.