Research Reveals Growing Distrust for Threat Detection Tools as SOC Teams Struggle to Identify Real Attacks

Report finds 54% (global 60%) of SOC practitioners say security vendors flood them with pointless alerts to avoid responsibility for a breach, with 45% (global 47%) noting they do not trust their tools to work the way they need them to work

SINGAPORE, Oct. 4, 2024 /PRNewswire/ -- Vectra AI, Inc., the leader in AI-driven XDR (extended detection and response), today announced the findings of its 2024 State of Threat Detection and Response Research Report: The Defenders' Dilemma. The report shows that security operations center (SOC) practitioners believe they are losing the battle detecting and prioritizing real threats – due to too many siloed tools and a lack of accurate attack signal. They cite a growing distrust in vendors, believing their tools can be more of a hindrance than help in spotting real attacks. This is at odds with growing confidence in their teams' abilities and a sense of optimism around the promise of artificial intelligence (AI).

The hybrid attack landscape continues to expand as organizations increasingly turn to GenAI-powered tools to streamline processes and enhance their work. This creates more opportunities for attackers and challenges for security teams who are already struggling with security alert noise and false positives. Even though SOC teams are more confident in their defenses than they were a year ago, many feel they do not have the right tools to help them effectively detect and prioritize real threats. Based on a global survey of 2,000 security professionals, the report breaks down why this disconnect exists, how current threat detection solutions are falling short, and the role AI plays in improving the process, delivering accurate threat signal and reducing workloads.

SOC Confidence is Improving but Many Fear Legacy Tools are Holding Them Back

Security practitioners are increasingly confident in their capabilities but feel they are losing ground when it comes to detecting and prioritizing real threats. So, what is the disconnect? Many SOC teams are managing too many tools and still struggle with an overwhelming number of alerts, leading to concerns about missing critical threats. This is driving a lack of confidence and trust in the current threat detection tools practitioners are using and resulting in practitioners seeking alternative solutions, such as extended detection and response (XDR) solutions. The study found:

• Nearly three-quarters 73% (global 71%) of APAC SOC practitioners worry they will miss a real attack buried in a flood of alerts and 51% (same as global) believe they cannot keep pace with the increasing number of security threats.
• Nearly half 45% (global 47%) of practitioners do not trust their tools to work the way they need them to work, while 52% (global 54%) say the tools they work with actually increase the SOC workload instead of reducing it.
• 69% (global 73%) of SOC practitioners have more than 10 tools in place and 48% (global 45%) have more than 20 tools.
• 61% (global 62%) of teams have either recently adopted or are exploring extended detection and response (XDR) solutions.

Legacy Threat Detection Tools are Creating More Work for Practitioners, Resulting in Growing Vendor Distrust and Tool Dissatisfaction

SOC teams are increasingly frustrated with their current security tools, which are causing more challenges than they solve. Many practitioners find themselves pushing aside critical tasks to manage the overwhelming alert volume they receive, leading to dissatisfaction not only with the tools but also with the vendors providing them. Practitioners also continue to struggle with alert accuracy, with a significant number of alerts going unaddressed due to time constraints and insufficient tool support. While there are signs of improvement in areas like visibility across hybrid environments, the overwhelming volume of alerts remains a significant issue. The study also found:

• 56% (global 60%) of APAC SOC practitioners say vendors are selling threat detection tools that create too much noise and too many alerts, while 69% (global 71%) say vendors need to take more responsibility for failing to stop a breach.
• 82% (global 81%) of SOC practitioners spend more than 2 hours per day digging through / triaging security events.
• 46% (global 50%) of SOC practitioners say their security tools are more of a hindrance than help when it comes to spotting real attacks, noting that realistically, they are only able to deal with 38% (same as global) of the alerts they receive, while they would classify 17% (global 16%) of them as "real attacks."
• 58% (global 60%) of SOC practitioners say a lot of their security tools are bought as a "box ticking" exercise for compliance.

Adoption and Trust in AI for Threat Detection is Growing, But Vendors Have Work To Do

SOCs are increasingly adopting AI to improve threat detection and response, driven by a growing trust in AI's capabilities. While many practitioners are optimistic about AI's potential to deliver threat signal efficacy to accurately identify and respond to threats, reduce workloads and replace legacy tools, there are still concerns about adding complexity to an already overwhelmed system. Despite the challenges, there is a strong intent to invest more in AI-powered solutions to enhance efficiency and efficacy. However, for AI to truly gain widespread acceptance, vendors must work to rebuild trust by delivering tools that add real value without increasing the burden on SOC teams. The study found:

• 82% (global 85%) of APAC SOC practitioners say their level of investment and use of AI has increased in the last year, with 63% (global 67%) noting that AI has had a positive impact on their ability to identify and deal with threats.
• 71% (global 75%) of SOC practitioners say AI has reduced their workload in the past 12 months, 70% (global 73%) of SOC practitioners say AI has reduced feelings of burnout in the past 12 months.
• 87% (global 89%) of SOC practitioners plan to use more AI-powered tools over the next year to replace legacy threat detection and response.

"It's promising to see that confidence is growing among security practitioners; however, it's clear they are becoming increasingly frustrated with their current threat detection tools which, due to a lack of integrated attack signal, often create additional work rather than streamline the process. The data suggests that the tools being used for threat detection and response, along with the vendors who sell them, aren't holding up their end of the deal," Mark Wojtasiak, vice president of research and strategy at Vectra AI. "Teams believe AI delivers an attack signal that will help them identify and prioritize threats, accelerate response times, and reduce alert fatigue, however, trust needs to be rebuilt. AI-powered offerings are proving to have a positive impact, but to truly reestablish trust, vendors will need to show how they add value beyond just the technologies they sell."

According to Sharat Nautiyal, Director, APJ Security Engineering at Vectra AI, "While APAC cybersecurity practitioners are more confident in their cyber defence, they are still overwhelmed by cyberattacks despite having enough SOC analysts on their team. This is largely due to legacy security tools often creating more issues than they resolve, forcing practitioners to sideline critical tasks to manage the excessive alert volume. These outdated tools tend to generate a flood of noise with little return on investment. It's like turning up to an F1 race with a first-generation racing car and expecting it to perform.

"However, there is a silver lining: confidence in AI is growing as it reduces workload and burnout, with 87% of respondents planning to use more AI tools next year to simplify and eliminate legacy tools, channelling security investments where they will yield the best results. As the market saturates with tools claiming 'AI' capabilities, practitioners need to identify which solutions truly cut through the noise and add real value. Effective AI solutions should integrate across all hybrid attack surfaces, helping to identify and prioritize threats, accelerate response times, and reduce alert fatigue."

To download the full report, visit: www.vectra.ai/resources/2024-state-of-threat-detection

Learn more about how Vectra AI is setting the new standard for extended detection and response (XDR) by visiting our blog and following along on LinkedIn and X.