The majority of security organizations received more alerts than they can handle and don’t have a way to spot stolen credentials, according to a survey released today.
According to the report, 62 percent of organizations get too many alerts, and that’s just from SIEM systems.
The majority of respondents, or 54 percent, said their teams were only able to investigate 10 or fewer alerts per day, partly due to how long these investigations take.
“A lot of incident-handling workflows were developed long ago, and were not updated over time or are not designed to scale as more alerting tools have been introduced into the ecosystem,” said Matt Hathaway, senior manager of platform development at Rapid7, the sponsor of the report. “They get new systems that alert in addition to existing systems, and without being able to scale the team quickly, it becomes unmanageable.”