Vectra AI: The Gap Between SecOps and Threat Detection Tools
Despite a majority of SOC analysts reporting that their tools are effective, the combination of blind spots and a high volume of false-positive alerts is preventing enterprises and their SOC teams from successfully containing cyber risk.
Without visibility across the entire IT infrastructure, organizations are unable to identify even the most common signs of an attack, including lateral movement, privilege escalation, and cloud account hijacking. The study also found:
- 97% of SOC analysts worry about missing a relevant security event because it’s buried under a flood of alerts, yet the vast majority deem their tools effective overall.
- 41% believe alert overload is the norm because vendors are afraid of not flagging an event that could turn out to be important.
- 38% claim that security tools are purchased as a box-ticking exercise to meet compliance requirements, and 47% wish IT team members consulted them before investing in new products.
Analyst Burnout Poses Significant Risk to Security Industry
Despite the increasing adoption of AI and automation tools, the security industry still requires a significant number of workers to interpret data, launch investigations, and take remedial action based on the intelligence they are fed. Faced with alert overload and repetitive, mundane tasks, two-thirds of security analysts report they are considering or actively leaving their jobs, a statistic that could have a devastating long-term impact on the industry. The study found:
- Despite 74% of respondents claiming their job matches expectations, 67% are considering leaving or are actively leaving their job.
- Of the analysts considering leaving or actively leaving their role, 34% claim they don’t have the necessary tools to secure their organization.
- 55% of analysts claim they’re so busy that they feel like they’re doing the work of multiple people, and 52% believe working in the security sector is not a viable long-term career option.
“As enterprises shift to hybrid and multi-cloud environments, security teams are continually faced with more – more attack surface, more attacker methods that evade defenses, more noise, more complexity, and more hybrid attacks,” said Kevin Kennedy, senior vice president of products at Vectra AI. “The current approach to threat detection is broken, and the findings of this report prove that the surplus of disparate, siloed tools has created too much detection noise for SOC analysts to successfully manage and instead fosters a noisy environment that’s ideal for attackers to invade. As an industry, we cannot continue to feed the spiral, and it’s time to hold security vendors accountable for the efficacy of their signal. The more effective the threat signal, the more cyber resilient and effective the SOC becomes.”
Vectra AI is NWU's best find for the cyber security of Ukraine
Thanks to NWU, the official distributor of Vectra AI in Ukraine, you can now buy NDR (Network Detection and Response), an integral part of the SOC triad, from the world leader on the domestic IT market.
Vectra AI, Inc. is the leader in hybrid attack detection, investigation and response. The Vectra AI Platform delivers integrated signal across public cloud, SaaS, identity, and data center networks in a single platform. Vectra AI’s patented Attack Signal Intelligence empowers security teams to rapidly detect, prioritize, investigate and stop the most advanced hybrid cyber-attacks. With 35 patents in AI-driven detection and the most vendor references in MITRE D3FEND, organizations worldwide rely on the Vectra AI Platform and MDR services to move at the speed and scale of hybrid attackers.
Buy NDR for SOC or order for testing