Approximately two-thirds of staff at security operations centers (SOCs) report feeling overwhelmed by an influx of irrelevant cyber alerts generated by vendors eager to evade responsibility for breaches. This overwhelming flood of notifications has led to a decline in their trust in the tools they rely on, with nearly half expressing skepticism about the effectiveness of the products and services at their disposal.
This information comes from Vectra AI, a specialist in extended detection and response (XDR), which unveiled its 2024 State of Threat Detection report, titled “The Defenders’ Dilemma.” The report emphasizes that security professionals believe they are struggling to identify genuine threats amid a landscape cluttered with fragmented tools and a shortage of clear, actionable signals.
Participants in the global survey revealed a growing mistrust of technology suppliers, with some suggesting that threat detection tools can be more obstructive than beneficial during actual security incidents. Nonetheless, there are positive signs, including an increasing self-assurance among security teams and optimism about the potential role of artificial intelligence (AI) in enhancing their effectiveness—an area Vectra AI is keen to exploit.
Mark Wojtasiak, Vectra AI’s vice president of research and strategy, remarked, “It’s encouraging to see that the confidence of security practitioners is on the rise. However, it is evident that they are becoming more frustrated with their current threat detection tools. Due to a lack of integrated attack signals, these tools often add to their workload instead of streamlining processes. The data indicates that both the tools used for threat detection and the vendors providing them are not fulfilling their expected roles.”
Security teams believe that AI could provide valuable attack signals that help them identify and prioritize threats, improve response times, and reduce alert fatigue. However, rebuilding trust is essential. While AI-driven solutions are showing promise, vendors must demonstrate added value beyond merely selling technology to restore confidence.
The Vectra AI report highlights a paradox: security professionals trust their skills yet feel they are losing touch with the essential information needed to detect threats. The data suggests this disconnect stems from managing too many tools that generate excessive information, raising fears of missing critical alerts. Consequently, this has led to diminished trust and increased reliance on personal instincts, exploration of alternative XDR solutions, or the integration of AI technologies.
Supporting this, the survey revealed that 71% of respondents worry about potentially overlooking a genuine attack, and 51% feel overwhelmed by the sheer volume of threats. Additionally, 47% lack confidence in their tools, while 54% believe these tools are exacerbating the workload of SOCs. In fact, 81% reported spending over two hours daily triaging security events.
Furthermore, Vectra AI found that a significant 73% of SOC practitioners use more than 10 tools, with 45% deploying over 20. Frustrations highlighted in the report include the perception that threat detection tools generate excessive noise and a belief that suppliers are attempting to evade responsibility for preventing breaches.
Overall, many SOC professionals now view the acquisition of security tools as a mere compliance exercise rather than a substantive approach to enhancing security.