Business Info issue 161

CYBERSECURITY (continued)

Too much information

New report highlights the dangers of alert overload – and why SOC leaders are embracing AI to tackle it

SOCs don't struggle with visibility anymore; they're buried in it. This is the unambiguous conclusion of the inaugural State of AI in SecOps 2025 Survey Report from Prophet Software.

On July 29, Prophet announced that it had raised $30 million to launch and expand its agentic AI SOC platform, Prophet AI, in a Series A funding round led by Accel, with participation from Bain Capital Ventures and other strategic investors.

Its 30-page report, based on a survey of 300 CISOs, SOC leaders and SOC analysts/engineers in organisations with more than 1,000 employees, highlights the extent to which SOCs are struggling to cope with a surfeit of alerts generated by a multitude of security tools. On average, organisations have 17 tools generating 960 alerts daily, of which 40% are never investigated.

Grant Oviatt, Prophet Security Co-founder and Head of Security Operations, said: "Imagine logging in each morning to find a thousand new emails, some urgent, some easily replied to and some clearly spam, but all demanding our time and attention. Most of us sort, filter, prioritise and still miss a few important messages. That's a similar reality for SOC teams, where analysts are overwhelmed with security alerts that need investigation, leading to fatigue and eventually missed detections."

The report warns that even when alerts are investigated, doing so often takes longer than is needed for a threat to morph into a breach. While CrowdStrike's 2025 Global Threat Report reveals that phishing threats take an average of 48 minutes to extract sensitive information, Prophet's research indicates that it takes an average of 56 minutes for an alert to be picked up for review after being issued by a detection tool (Alert Dwell Time) and 70 minutes for a security team to thoroughly investigate an alert (Mean Time to Investigate).

One response to alert overload and the burden it places on stretched resources is to limit the number of alerts received by disabling, or not activating, certain detection rules. Despite the impact this has on threat visibility, more than half (57%) of organisations surveyed by Prophet admitted to suppressing detection rules to reduce triage and investigation workload.

Given such a high volume of alerts and the questionable coping mechanisms of under-resourced and overworked SOC teams, it is not surprising that the top three SOC team challenges identified by survey respondents were triage/investigation taking too long (cited by 36%), gaps in 24/7 SOC coverage (32%) and analyst burnout and/or turnover (31%).

An AI future

Another response to these challenges, already adopted by 55% of organisations, is to use AI to augment security operations, with the most popular applications being alert triage and investigation (cited by 67% of respondents), detection engineering and tuning to refine detection rules and reduce false positives (67%) and proactive threat hunting (64%) – all key capabilities of the Prophet AI platform.

Filip Stojkovski, Founder & Lead Researcher at SecOps Unpacked, says that by carrying out repetitive, tedious tasks in a fraction of the time taken by humans, AI has a big role to play in the future of SecOps, not least by freeing up analysts to focus on high-value work. He said: "The AI SOC transformation wave is no longer a vision, it's happening now. This report puts hard numbers behind what many of us in the field already see: the alert problem has reached breaking point, and AI is being applied first where it matters most, in alert triage, investigation and detection engineering. These aren't nice-to-have features; they're the only way for teams to keep up. If AI helps reduce the noise and gives analysts back time, that's the shift that matters."

https://www.prophetsecurity.ai/ai-soc-adoption-trends

you'll have to revoke all their sessions, change their passwords, reset their MFA," he explained. "When we started to look at this scenario, it was obvious that every company does things slightly differently. If you run a SOC or provide that service to customers, you want a one-size-fits-all, otherwise your costs explode, but that won't fit every business's process. What Torq enables us to do in just 5-10 minutes is build that workflow utilising AI and offer that personalised approach to the customer. Instantly, our AI agent within our SOC is communicating with the individual concerned, finding out where they are and either closing down all of the alerts or revoking all of their sessions, disabling their account and getting a highly skilled SOC agent to analyse what's going on.

"We started out with that proof of concept with Torq and built that workflow, integrated into our Azure AD, our HR system and our SOC within 15 minutes. We believe that ability to tailor our service to our customers' needs is a differentiator."

https://kyoceracyber.com/
