Growing Apprehension Towards Threat Detection Tools by Security Operations Centers Uncovered

Mistrust in threat detection tools is growing as SOC teams struggle to distinguish genuine attacks, according to a study by AI-driven security firm Vectra. The findings are outlined in the report titled "2024 State of Threat Detection and Response Research Report: The...

Discoveries indicate growing mistrust among Security Operations Center (SOC) personnel towards Threat Detection Tools

A new report titled "The 2024 State of Threat Detection and Response Research Report: The Defenders' Dilemma," published by Darktrace, has shed light on the current state of security operations centres (SOC) in the Asia Pacific region. The report suggests that while AI-powered offerings are proving to have a positive impact, trust remains a significant challenge.

According to the report, 77% of SOC practitioners in the region have increased their investment and use of AI in the last year. However, 31% of these practitioners do not trust their tools to work the way they need them to work. This sentiment is echoed by 48% of SOC practitioners who say security vendors flood them with pointless alerts to avoid responsibility for a breach.

The report also highlights that SOC teams are increasingly frustrated with their current security tools, which create more problems than they solve. Sharat Nautiyal of Vectra AI noted that legacy security tools often generate a flood of noise with little return on investment.

At the same time, nearly two-thirds (69%) of SOC practitioners in the Asia Pacific region worry they will miss a real attack buried in a flood of alerts. Fortunately, nearly 70% of practitioners say AI has reduced their workload in the past 12 months, and 66% say AI has reduced feelings of burnout.

Nautiyal added that effective AI solutions should integrate across all hybrid attack surfaces, helping to identify and prioritise threats, accelerate response times, and reduce alert fatigue. Mark Wojtasiak, from Vectra AI, stated that current threat detection tools often create additional work rather than streamline the process.

The report also reveals that across Asia Pacific, 60% of SOC teams have either recently adopted or are exploring extended detection and response solutions. Around 60% of teams have more than ten tools in place, and 29% have more than 20 tools. Practitioners continue to struggle with alert accuracy, with a significant number of alerts going unaddressed due to time constraints and insufficient tool support.

In conclusion, while AI is proving beneficial in the region, trust remains a significant challenge. Vendors must demonstrate how they add value beyond just the technologies they sell to truly reestablish trust. Effective AI solutions should integrate across all hybrid attack surfaces, help identify and prioritise threats, accelerate response times, and reduce alert fatigue.
