IT Security Pros Say Alerts Undermine Response to Cyber Threats

Deepwatch, a leader in advanced managed detection and response (MDR) security, releases today the State of the Modern SOC report. The research found that most IT security professionals believe they could have stopped business-impacting cyber events if equipped with better response capabilities. Many seek more automation and less alert noise to shorten response times.

The report found that 85 percent of IT security professionals have experienced preventable business impacts resulting from insufficient response procedures, while 97 percent said more accurate alerting would increase their confidence in automating threat response actions.

More than 300 security professionals, working at U.S. organizations with 1,000 or more employees, were surveyed by Dimensional Research for this report.

“Stronger detection paves the way for trustworthy automated response and fast, effective containment of cyber threats,” said Wesley Mullins, chief technology officer at Deepwatch. “Modern security operations centers (SOCs) should be equipped with high-fidelity alerts, that include proper contextualization and correlation to provide as clear of a picture of the threat as possible. Not only does that enable analysts to work better, but it also unlocks the ability to implement automated response actions that stop threats with speed and precision. The key is confidence in the detection.”

Almost all (93 percent) of security professionals are working to reduce response times, and more (99 percent) either believe they need more automation or want to learn more about automating security incident response in their organizations.

Automation would benefit organizations strapped for resources. The research found that 38 percent of security teams for companies with more than 1,000 employees are not resourced for 24/7 SOC coverage; 30 percent have SOC coverage during business hours only, and 8 percent have no SOC.

Of the 85 percent of security professionals that reported preventable business impacts insufficient response, 63 percent reported consequences of blocked access to their systems resulting in downtime, and 47 percent reported a negative impact on customer experience.

“With the rise of ransomware and attacks on critical infrastructure, we all know that cyber incidents can have highly disruptive impacts on operations,” Mullins said. “That can certainly cost a business internal productivity and revenue, but in the case of critical infrastructure, these attacks can have much more troubling consequences. No one can prevent 100 percent of threats from entering their environments, so it’s just as important to have mature detection and response programs to stop the threats before they can actually damage the business or stop operations. Automating response and partnering with a trusted provider to manage response are both paths to faster threat containment.”

To read the full report, please visit