ANZ SOC teams distrust legacy tools, turn to AI solutions

A recent research report by Vectra AI highlighted the ongoing challenges faced by security operations centre (SOC) practitioners in Australia and New Zealand (ANZ) due to legacy threat detection tools.

The report, titled "The State of Threat Detection: The Defender's Dilemma," examines the discord between rising cyber threats and the efficacy of existing security technologies in place.

Despite increased confidence among SOC teams in their own capabilities, the findings indicate a staggering amount of dissatisfaction with current threat detection tools. A significant 69% of ANZ SOC practitioners expressed concerns about missing a genuine cyber attack amidst excessive alert volume, while 31% of practitioners lack trust in their tools' abilities to function as required.

Sharat Nautiyal, who serves as the Director of Security Engineering for APJ at Vectra AI, articulated the core of the issue, noting that "legacy security tools often create more issues than they resolve." He likened these tools to "a first-generation racing car" in the context of modern cybersecurity needs. Nautiyal emphasised that outdated tools are forcing SOC practitioners to manage excessive alerts, thereby sidelining critical tasks.

The report exposes a growing distrust toward vendors, with 51% of local practitioners believing that the tools issued by vendors exacerbate rather than alleviate alert volume. Furthermore, many SOC professionals note that despite having a substantial array of tools, their effectiveness falls short, leading them to explore alternative solutions such as extended detection and response (XDR) systems.

The research reveals startling figures regarding workload and tool management, as 81% of SOC practitioners report spending upwards of two hours each day sorting through security events. Moreover, 41% of these practitioners state that their tools are more inhibitive than helpful when identifying real threats, managing to address only a fraction of the alerts they receive.

Amidst these challenges, the report indicates an uptick in the adoption and trust in artificial intelligence (AI) capabilities to enhance threat detection and response. According to the study, 77% of ANZ SOC practitioners have increased their investment in AI over the past year, and 64% report positive outcomes from AI integration in threat detection.

Mark Wojtasiak, Vice President of Research and Strategy at Vectra AI, commented on the findings, suggesting that while confidence is building among SOC teams, many aspects of threat detection tools and vendor trust remain problematic. "AI offerings are proving to impact positively," Wojtasiak stated, "but trust needs to be rebuilt for AI to truly establish itself as a cornerstone in threat detection."

The report concludes by suggesting that practitioners are keen to invest more in AI-powered solutions in the future, with 89% of respondents planning to do so over the next year. This shift is portrayed as a strategic move to replace ineffective legacy tools and cope with the complexities of modern cyber threats.

In light of these findings, Vectra AI stresses the need for security vendors to demonstrate the added value of their tools, especially AI-driven solutions, to enhance efficiency without imposing additional burdens on SOC teams.