MSSP Insider

Critical Start: False Positives Plague Cybersecurity Professionals

  • Written by Edward Gately
  • January 16, 2020
Automation is helpful in reducing the time to investigate alerts.

Cybersecurity providers are being bombarded with alerts, many of which turn out to be false positives, creating challenges for the industry.

That’s according to Critical Start’s latest report, The Impact of Security Alert Overload. MSSPs, managed detection and response (MDR) providers and security operations center (SOC) professionals were surveyed for the report.

Critical Start found that 70% of cybersecurity professionals investigate more than 10 security alerts daily, a marked increase from 2018 when just 45% reported investigating double-digit alerts each day. And respondents reported a false-positive rate of 50% or higher, meaning valuable time that could be used to strengthen an organization’s security posture is being spent chasing cyber ghosts.

Rob Davis, Critical Start's CEO, tells us the industry will always have a high number of false positives, which isn't necessarily bad. A security vendor stating an activity was benign when it was actually malicious would be far worse, he said.

Critical Start's Rob Davis

“This is a false negative,” he said. “To improve, SOC professionals should create an efficient process so that you never have to investigate the same false positive twice. This involves having the right platform and procedures in place for your SOC so that it is very simple for SOC analysts to automate resolution of known good security alerts. MSSP and MDR providers with the right SOC platform can lower costs significantly by leveraging network effects for false positives that apply to multiple customers. To be effective in detecting all attacks, it is critical that MSSP and MDR providers have the ability to personalize their offerings to take into account unique differences across customers. Unique differences could include login scripts, software installations, custom applications and use of administrative scripts.”

Other key findings from the report include:

  • Seventy-eight percent of respondents said it takes more than 10 minutes to investigate each alert, a significant increase from 64% who said the same in 2018.
  • Just 41% of survey respondents see analyzing and remediating threats as their primary responsibility, with the rest prioritizing reducing investigation times and alert volumes instead, a dramatic decrease from 70% in 2018.
  • Nearly half of those surveyed said they receive just 20 hours or less of training per year.

“Training is very important and should include a rigorous onboarding process that requires certification before triaging alerts,” Davis said. “At Critical Start for example, new SOC analysts undergo 160 hours of initial training followed by a certification process. Each year we require another 40-80 hours of training. In addition to training, a SOC should have some type of review process to sample the quality of alert investigations and implement a two-person review process for remediation actions and security alert automation actions.”

Automation is helpful in reducing the time to investigate alerts, but you have to be careful on how you measure productivity, he said. Using time per alert can result in “hasty, insufficient” analysis of alerts in an attempt to meet arbitrary productivity metrics. The goal should be to automate the resolution of false positives before they reach the SOC so that SOC analysts can take all the time required to properly investigate each alert, he said.
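The process Davis describes (record each investigated false positive so it is auto-resolved next time, share rules that apply across customers, keep customer-specific rules for login scripts and the like, and require two-person review before any automation action goes live) can be sketched as a small triage gate that sits in front of the analyst queue. The following is an added example written for this article, not Critical Start's platform or code; the alert fields, the known-good rule schema, the customer names ("acme", "globex"), the detection names and the sample alerts are all constructed assumptions.

```python
"""Auto-resolve previously investigated false positives before they reach the SOC queue.

Added example (not Critical Start's code). Alert fields, rule schema, detection
names, customer names and sample alerts below are constructed for illustration.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Alert:
    customer: str   # tenant the alert belongs to
    rule: str       # name of the detection that fired
    host: str
    process: str
    cmdline: str


@dataclass(frozen=True)
class KnownGood:
    """An investigated false positive, recorded so it is never investigated twice."""
    rule_id: str
    detection: str                # detection this known-good applies to
    process: str
    cmdline_prefix: str           # narrow match: same process AND command-line prefix
    customer: Optional[str]       # None = shared across all customers (network effect)
    approved_by: Tuple[str, str]  # two-person review before an automation action is live

    def matches(self, alert: Alert) -> bool:
        if alert.rule != self.detection:
            return False
        # Customer-scoped rules never suppress another tenant's alerts.
        if self.customer is not None and alert.customer != self.customer:
            return False
        return alert.process == self.process and alert.cmdline.startswith(self.cmdline_prefix)


class Triage:
    def __init__(self) -> None:
        self.known_good: List[KnownGood] = []
        self.auto_resolved = 0
        self.to_analyst = 0

    def add_known_good(self, kg: KnownGood) -> None:
        # Refuse automation rules that were not reviewed by two distinct people.
        if len(set(kg.approved_by)) < 2:
            raise ValueError(f"{kg.rule_id}: automation rules need two distinct approvers")
        self.known_good.append(kg)

    def triage(self, alert: Alert) -> Tuple[str, Optional[str]]:
        """Return ('auto_resolved', rule_id) or ('analyst', None)."""
        for kg in self.known_good:
            if kg.matches(alert):
                self.auto_resolved += 1
                return ("auto_resolved", kg.rule_id)
        self.to_analyst += 1
        return ("analyst", None)


# Constructed known-good rules: one shared across customers, one customer-specific.
KNOWN_GOOD = [
    KnownGood("KG-001", "unsigned_binary_from_temp", "rmm_updater.exe",
              r"C:\Temp\rmm_updater.exe --update", None, ("alice", "bob")),
    KnownGood("KG-002", "powershell_script_exec", "powershell.exe",
              r"powershell.exe -File \\acme-dc\netlogon\login.ps1", "acme", ("alice", "carol")),
]

# Constructed sample alerts.
ALERTS = [
    Alert("acme", "powershell_script_exec", "ws01", "powershell.exe",
          r"powershell.exe -File \\acme-dc\netlogon\login.ps1"),   # acme login script -> KG-002
    Alert("acme", "powershell_script_exec", "ws02", "powershell.exe",
          r"powershell.exe -File \\acme-dc\netlogon\login.ps1"),   # same FP again -> KG-002
    Alert("globex", "powershell_script_exec", "srv07", "powershell.exe",
          r"powershell.exe -File \\globex-dc\netlogon\login.ps1"), # not yet reviewed -> analyst
    Alert("globex", "unsigned_binary_from_temp", "srv03", "rmm_updater.exe",
          r"C:\Temp\rmm_updater.exe --update"),                     # shared rule -> KG-001
    Alert("acme", "powershell_script_exec", "ws03", "powershell.exe",
          r"powershell.exe -File C:\Users\Public\unknown.ps1"),     # unexpected path -> analyst
]


def run_demo() -> Dict[str, object]:
    t = Triage()
    for kg in KNOWN_GOOD:
        t.add_known_good(kg)
    outcomes = [t.triage(a) for a in ALERTS]
    return {"outcomes": outcomes, "auto_resolved": t.auto_resolved, "to_analyst": t.to_analyst}


if __name__ == "__main__":
    for alert, outcome in zip(ALERTS, run_demo()["outcomes"]):
        print(alert.customer, alert.host, alert.rule, "->", outcome)
```

Two design choices follow directly from the article: a known-good rule matches on process plus command-line prefix rather than on the detection name alone, so suppressing one tenant's login script does not silence every PowerShell alert, and the triage counters track how much of the volume never reached an analyst, which is a productivity measure that does not pressure analysts on time per alert.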

“The report is encouraging because there is increased evidence companies are hiring additional headcount to handle the alert overload problem,” Davis said. “While the increased budgets are a promising data point, all of the other evidence points to organizations still being unable to resolve every alert generated by their security tools.”
