NEWS Report

96% of Security Analysts in The UAE & KSA fear Missing a Relevant Security Event

Kevin-Kennedy,-VP-of-Product-Management,-Vectra

This is despite 90% of regional SOC analysts saying their current threat detection tools are effective, revealing a disconnect in ability of threat detection tools in preventing cyber attacks.

Vectra AI have announced the findings of its 2023 State of Threat Detection Research Report, providing insight into the “spiral of more” that is preventing security operations center (SOC) teams from effectively securing their organizations from cyberattacks. Based on a survey of 2,000 SecOps analysts — including 200 in the UAE and KSA — the report breaks down why the current approach to security operations is not sustainable.

Today’s security operations (SecOps) teams are tasked with protecting progressively sophisticated, fast-paced cyberattacks. Yet, the complexity of people, processes, and technology at their disposal is making cyber defense increasingly unsustainable. The ever-expanding attack surface combined with evolving attacker methods and increasing SOC analyst workload results in a vicious spiral of more that is preventing security teams from effectively securing their organization. 

Manual alert triage costs organizations $3.3 billion annually in the US alone, and security analysts are tasked with the massive undertaking of detecting, investigating and responding to threats as quickly and efficiently as possible while being challenged by an expanding attack surface and thousands of daily security alerts. 

The study found:
● 48% of IT security analysts in the UAE and KSA report the size of their attack surface has increased in the past three years.
● On average, SOC teams in the UAE and KSA receive 6,736 alerts daily (approx. 2,252 more than the global average) and spend nearly two and a half hours a day manually triaging alerts.
● On average, security analysts in the UAE and KSA are unable to deal with 73% of the daily alerts received, with 85% reporting that alerts are false positives and not worth their time.

“As enterprises shift to hybrid and multi-cloud environments, security teams are continually faced with more — more attack surface, more attacker methods that evade defenses, more noise, more complexity, and more hybrid attacks. The current approach to threat detection is broken, and the findings of this report prove that the surplus of disparate, siloed tools has created too much detection noise for SOC analysts to successfully manage and instead fosters a noisy environment that’s ideal for attackers to invade. As an industry, we cannot continue to feed the spiral, and it’s time to hold security vendors accountable for the efficacy of their signal. The more effective the threat signal, the more cyber resilient and effective the SOC becomes,” said Kevin Kennedy, senior vice president of products at Vectra AI. 


Despite a majority of SOC analysts across the UAE and KSA reporting their tools are effective, the combination of blind spots and a high volume of false positive alerts are preventing regional enterprises and their SOC teams from successfully containing cyber risk. Without visibility across the entire IT infrastructure, organizations are not able to identify even the most common signs of an attack, including lateral movement, privilege escalation, and cloud attack hijacking.  The study also found:
● 96% of surveyed UAE and KSA SOC analysts worry about missing a relevant security event because it’s buried under a flood of alerts. Yet, the vast majority deem their tools effective overall.
● 40% of UAE and KSA security analysts believe alert overload is the norm because vendors are afraid of not flagging an event that could turn out to be important.
● 43% claim that security tools are purchased as a box-ticking exercise to meet compliance requirements, and 54% wish IT team members consulted them before investing in new products.

Despite the increasing adoption of AI and automation tools, the regional security industry still requires a significant number of workers to interpret data, launch investigations, and take remedial action based on the intelligence they are fed. Faced with alert overload and repetitive, mundane tasks, almost three-quarters of security analysts in the UAE and KSA report they are considering or actively leaving their jobs, a statistic that poses a potentially devastating long-term impact to the regional security industry. 

Related posts

Top tips for security – and privacy – enhancing holiday gifts

Channel 360 MEA

Batelco, Ericsson sign MoU

Channel 360 MEA

Riyadh gets Genesys office

Channel 360 MEA

Leave a Comment