What We Learned from Analyzing Millions of Alerts

April 13, 2026
Zoey Chu
Product Marketing Manager

Fact: Security professionals are drowning in detection noise.

This isn’t new, but it is getting worse.

As enterprises evolve into AI-driven environments, the volume of activity across identity, cloud, SaaS, and network has exploded. Every authentication, API call, workload interaction, and AI-powered process generates telemetry, and with that telemetry comes more alerts. Security teams end up buried in signals while struggling to find what actually matters.

So, we asked a simple question: What’s really happening underneath all that noise and how can teams investigate and respond faster?

To find out, we analyzed millions of detections across our managed services and Respond UX deployments to understand where real threats exist and how security teams can cut through the noise to investigate and respond faster.  

Patterns We Saw

Without giving it all away (you’ll want to check out the full report), here are a few themes we uncovered:

  • After Vectra AI Agents’ triage, prioritization, stitching, and analysis, less than 0.1% of detections are real threats.  
  • Identity-based attacks are dominating, especially from places we often overlook.
  • Custom detections matter more than many realize, especially when it comes to surfacing high-value threats.

Why This Matters

Why noise slows you down

Every false positive wastes investigation time, delays response to real threats, and increases analyst fatigue. In today’s AI-driven environments, where human and non-human identities are multiplying constantly, that noise only scales. Meanwhile, attackers are accelerating with AI.

How to investigate and respond faster

  • Prioritize real signal: use AI to surface the small fraction of activity that indicates real risk
  • Focus on identity: most modern attacks are identity-driven so this is where the context lives
  • Connect the dots: correlate activity across the modern network to see the full attack
  • Automate investigation: eliminate manual stitching so analysts can act immediately  

You don’t investigate faster by working harder. You investigate faster by reducing noise, elevating real threats, and acting on high-confidence signals. Because speed comes from knowing what matters, not seeing everything.  

Check out the full report: Reducing Noise, Elevating Threats
