Security practitioners embrace AI amidst tool distrust
A new report by Vectra AI reveals growing concerns among Security Operations Centre (SOC) practitioners about their ability to effectively detect and prioritise real threats amidst a deluge of security alerts.
The 2024 State of Threat Detection and Response Report highlights that 71% of SOC practitioners are worried about missing genuine threats hidden in a wave of alerts. Additionally, 51% feel they are unable to keep up with the increasing volume of security threats. These concerns are compounded by dissatisfaction with traditional security tools, which are perceived as more of a burden than an asset.
According to the report, 54% of SOC practitioners believe that the tools they are currently utilising are increasing their workload rather than alleviating it. Furthermore, 81% of respondents spend over two hours daily managing security events, contributing to this dissatisfaction. Many practitioners are juggling a multitude of tools; 73% report having more than ten tools at their disposal and 45% manage over 20.
Distrust in security vendors is another significant issue, with 60% of SOC practitioners accusing vendors of inundating them with superfluous alerts to deflect responsibility in the event of a breach. Meanwhile, 71% of practitioners suggest that vendors should assume greater accountability for their inability to prevent breaches.
Despite the challenges associated with traditional tools, there is optimism regarding the use of artificial intelligence (AI) in threat detection. The survey indicates an upward trend in AI investment, with 85% of SOC practitioners increasing their use of AI over the past year. A positive impact has been observed, as 67% report improvements in threat identification and management, with AI reducing workloads for 75% of practitioners and lowering feelings of burnout for 73% over the past 12 months.
Mark Wojtasiak, Vice President of Research and Strategy at Vectra AI, commented, "It's promising to see that confidence is growing among security practitioners; however, it's clear they are becoming increasingly frustrated with their current threat detection tools which, due to a lack of integrated attack signal, often create additional work rather than streamline the process. The data suggests that the tools being used for threat detection and response, along with the vendors who sell them, aren't holding up their end of the deal."
He elaborated on the role of AI, stating, "Teams believe AI delivers an attack signal that will help them identify and prioritise threats, accelerate response times, and reduce alert fatigue; however, trust needs to be rebuilt. AI-powered offerings are proving to have a positive impact, but to truly re-establish trust, vendors will need to show how they add value beyond just the technologies they sell."
The survey underscores a shift towards AI-powered solutions, with 89% of SOC practitioners planning to implement more AI tools in the coming year to supplant legacy systems. This reflects a growing confidence in AI's potential to enhance threat detection and response efficiency, provided vendors can prove their solutions' tangible value to overwhelmed SOC teams.