11:20 AM
Joan Goodchild
Quick Hits

SOC Teams Burdened by Alert Fatigue Explore XDR

ESG research finds a complex attack surface and threat landscape make alerts too overwhelming to monitor accurately

Cybersecurity analytics and operations is more difficult today than it was 2 years ago, according to a recent survey of security professionals conducted by Enterprise Strategy Group (ESG).

The research finds some of the top reasons why security teams struggle more now include:

  • The threat landscape is evolving and changing rapidly: 41%
  • We collect and process more security data than we did two years ago: 35%
  • The volume of security alerts has increased over the past two years: 34%
  • The attack surface has grown over the past two years: 30%

As the attack surface and threat landscape grow more complex, security teams say alerts in the security operations center (SOC), generated from many disparate security controls, have also become complicated and difficult to monitor.

Survey respondents listed their top three challenges with alerts as:

  • Filtering the noise out of alerts so we can focus on the right signals: 38%
  • Scaling to collect, process, and analyze the growing volume of security data: 37%
  • Collecting, processing, and contextualizing threat intelligence data: 36%

Many organizations are exploring extended detection and response (XDR) to help detect complex attacks. XDR is an integrated suite of security products spanning hybrid IT architectures designed to coordinate on threat prevention, detection, and response. The tech is meant to unify control points, security telemetry, analytics, and operations into one enterprise system.

ESG reports those who are interested in XDR find the following capabilities most appealing:

  • Simplified visualization of complex attacks and understanding how they progress across a kill chain: 42%
  • Advanced analytics that can detect and identify modern, sophisticated attacks: 38%

Dave Gruber, senior analyst with ESG, examines the XDR market and the technology's potential in SOCs in a recent Dark Reading webinar, "Making XDR Work in Your Enterprise."

The webinar's discussion centers on how XDR applies to real-life environments and scenarios, and how it works with, and independently from, other tools. It also touches on common challenges with deployment of XDR solutions.

The webinar can be accessed here.

Joan Goodchild is a veteran journalist, editor, and writer who has been covering security for more than a decade. She has written for several publications and previously served as editor-in-chief for CSO Online.
