According to a report from Vectra AI, SOC practitioners feel they are losing ground in the battle to detect and stop attacks, blaming a surplus of siloed tools and an insufficient attack signal. Although there are signs of progress, such as improved visibility in hybrid environments, the sheer volume of alerts remains a significant obstacle.
Sixty percent of SOC practitioners report that threat detection tools from vendors generate excessive noise and too many alerts, with 71% stating vendors need to take greater accountability when breaches occur. Additionally, 81% of SOC professionals spend over two hours each day triaging security events, with half of them saying their tools hinder more than help in identifying real threats. On average, SOC teams can only handle 38% of the alerts they receive, and just 16% of those are considered legitimate attacks. Alarmingly, 60% indicate that many of their tools are acquired primarily for compliance, rather than effectiveness.
Amid these frustrations, the adoption of AI-driven threat detection solutions is growing, with SOC teams placing greater trust in AI’s ability to improve detection and response. Many practitioners see AI as a way to enhance threat signal accuracy, reduce workloads, and replace outdated tools. Despite concerns about adding complexity to already strained systems, the commitment to AI-powered solutions is strong, with 85% of SOC professionals reporting increased investment in AI over the past year, and 67% noting a positive impact on their ability to manage threats.
AI is not only improving detection but also alleviating some of the pressure on SOC teams, with 75% stating that AI has reduced their workload, and 73% reporting it has lessened burnout over the past year. Looking ahead, 89% plan to increase their use of AI-driven tools to phase out legacy solutions.
While SOC teams are optimistic about AI’s potential, trust in current tools and vendors needs to be rebuilt. As Mark Wojtasiak, VP of research and strategy at Vectra AI, explains, “AI-powered offerings are making a positive difference, but for vendors to regain the trust of security teams, they must demonstrate how their solutions add genuine value without increasing the burden on already overworked SOC teams.”