Overwhelmed by Security Alerts?
New research from Intel Security indicates that 93 percent of security operations center managers feel overwhelmed by security alerts related to ransomware and malware of all sorts, leaving them unable to triage potential threats.
On average, according to the recently released "McAfee Labs Threats Report: December 2016" (PDF), organizations are unable to sufficiently investigate 25 percent of security alerts, which is particularly disconcerting considering that 67 percent of respondents reported an increase in security incidents.
“One of the harder problems in the security industry is identifying the malicious actions of code that was designed to behave like legitimate software, with low false positives,” said Vincent Weafer, vice president of Intel Security’s McAfee Labs.
“The more authentic a piece of code appears, the more likely it is to be overlooked. Just as 2016 saw more ransomware become sandbox-aware, the need to conceal malicious activity is driving a trend toward ‘Trojanizing’ legitimate applications. Such developments place an ever greater workload on an organization’s SOC – where success requires an ability to quickly detect, hunt down, and eradicate attacks in progress.”