Bromium issues warning about 'hidden costs' of detection-based security

SOC teams spend more than £11 million per year triaging threats

Detection-based security tools are insufficient to deal with today's threats, and throw up an unacceptable number of false positives - leading to thousands of wasted man hours.

A survey of 500 CISOs worldwide, by Bromium and Vanson Bourne, shows that the average up-front spend on 'reactive' security is about £245,000 per year, per company. However, the true cost - considering the time that security teams need to spend on dealing with alerts - is closer to £12 million.

More than three-quarters of the 1 million security alerts generated by these security tools every year are false positives, the survey claims, and security departments bear the brunt of that with wasted time.

Each year, SOC teams spend more than 410,000 hours triaging alerts; 2,450 hours rebuilding compromised machines; and 780 hours on patching. The annual labour cost of these hours is more than £11.8 million, per business.

Gregory Webb, CEO of Bromium, says that this wasted time is unavoidable when using detection-based security: "Detection requires a patient zero - someone must get owned and then protection begins. Yet, because of this, rebuilds are unavoidable; false positives balloon; triage becomes more complex and emergency patching is increasingly disruptive… Our customers tell us their SOC teams are drowning in alerts, many of which are false positives, and they are spending millions to address them."

Even layered detection, commonly accepted as a necessary building block in the wall of cyber defence, is 'fundamentally flawed' when all of the layers are based on detection, Bromium said.

Rather than throwing new apps at the problem, CISOs should consider questions to uncover their hidden costs. For example, where are their weak points; are threats still getting through; and how many alerts and false positives are being generated by their current software?