Do SOC Professionals Know They’re Spending Almost Two Hours a Day Investigating False Positives?

August 20, 2024
Zoey Chu
Product Marketing Manager

Vectra AI surveyed 119 SOC professionals to find out how they spend their day-to-day.

As organizations grow bigger and their environments expand to a mixture of on-premises and cloud, the day-to-day of a SOC professional becomes more complex. To understand how SOC professionals are spending their time each day, we surveyed over 100 professionals – and found that SOC professionals are spending an overwhelming amount of time and talent on parts of their jobs that can be outsourced and automated.

Top 5 tasks SOC professionals perform daily

SOC professionals do many things within their day, but in this survey, we narrowed it down to 5 main tasks:

  • Configuring security posture, including identifying threats, building alerts, and triaging filters
  • Tuning rules
  • Managing alerts
  • Investigating false positives
  • Creating reports

Obviously, the day-to-day of each SOC professional can look very different depending on their assigned responsibilities and specific roles; however, for simplicity's sake, we focused on these 5 tasks for our survey.

SOC Professionals' 10-Hour Workday: Key Insights

Did you catch that?

SOC professionals are most likely working 10 hours a day, if not more. We came to this conclusion because the results from the survey suggest that SOC professionals are spending, on average, over 8 hours a day on the 5 security tasks we outlined. Specifically, they are spending 8.7 hours a day within a 5-person SOC team. Considering the typical 8-hour workday of an average corporate employee in the US, SOC professionals are already working more than the typical workday by nearly an hour – and that’s only on the 5 SOC tasks outlined. That doesn’t cover administrative tasks, meetings, and other security-related projects.

And lunch.

SOC professionals spend most of their workday managing alerts, at an average of 2.56 hours per day. This makes sense, as the bulk of their jobs involve securing their organizations from incoming threats. The surprising point is that the next most time-consuming task, investigating false positives, takes up 1.83 hours per day on average. This is nearly 2 hours a day of looking at alerts that end up not being threats at all. Those almost 2 hours could have been dedicated to beefing up security elsewhere in the organization, achieving certifications for business-critical security processes, or even a long, well-deserved lunch break.

Offload, optimize, and automate SOC work with Vectra AI

What we see from this survey is that the current day-to-day for SOC professionals does not need to be that way.

This is where the Vectra AI Platform, with its AI-driven integrated signal and seasoned MXDR experts, can help today's SOC professionals offload the precious hours and talent they currently spend on managing alerts, configuring policies, and investigating false positives. With Vectra MXDR and the Vectra AI Platform, SOC professionals can get coverage, clarity, and control over their security programs without having to sacrifice more time and talent, opening opportunities for them to defend their organization from real threats, build their careers, and mentor other analysts.

What is discussed in this blog is just a brief snapshot of the day-to-day of the SOC professionals we surveyed. To dive deeper into the insights we gathered from this survey and see how much time SOC professionals can optimize and automate, please view our latest eBook.