The Alert Overload Problem

On a daily basis, an average cyber security team receives tens of thousands of security alerts. Many analysts feel like they cannot get their heads above water during their shift. This work atmosphere leads to quick physical burnout and even apathy in the face of this volume of continuous, tedious work. HR surveys have found that some security analysts feel so overwhelmed they ignore alerts and even walk away from their computers. In fact, these surveys found that 70% of security teams feel emotionally overwhelmed by alerts, and more than 55% of security professionals do not feel fully confident that they can prioritize and respond to every alert that really does need attention. Cyber-criminals know this too.

On the security side, there is not a single moment to waste when there is a legitimate threat, as damage can occur so quickly. The threat landscape is changing, and your organization needs a security team that is not only on top of its game but also has the foresight to anticipate emerging threats. So alert overload is one of the main drivers of disaster when it comes to business risk. The risks are only growing (think of supply-chain and ransomware attacks on critical industries like healthcare and utilities).

Because of the sheer volume, it is only a matter of time before a legitimate threat goes undetected and results in devastating consequences for an organization and even private citizens who entrust their data to that organization.  Security teams are at a critical juncture and need to figure out how to mitigate alert overload and get strategic about the response.[1]

Cynet recently released a guide which offers a few ways security leads can pull their analysts out of the ocean of false positives and get them back to shore. It includes tips on how to reduce alerts using automation and shares guidance for organizations that are considering outsourcing their managed detection and response (MDR). Spoiler: the guide also shares how security teams can detangle the web of security tools necessary for automation.

See:  https://go.cynet.com/solving_alert_overload_and_handling_guide

In addition to providing context for why alerts are making cybersecurity worse and how these alerts become overwhelming, the guide shares insights on:

  • Outsourcing managed detection and response (MDR) is a great option if you need to scale quickly and do not have the resources. An MDR provider can help reduce stress and give your team time back. Another consideration is cost, and you will also need to invest time in finding an MDR provider that is right for your business. Outsourcing may or may not be the right solution for your unique needs.
  • How to reduce alerts: it starts with a strategy. Review your existing technology, make sure its settings are optimized and your tools are calibrated. The solution is not so much about reducing alerts as about how you have set your team up to respond.
  • Introducing automated response: even the leanest security teams can tackle threats if they use automation, which lets them respond to alerts quickly and at scale. But one of the biggest challenges with automation is knowing how to set it up properly in the first place.
  • One reason setting up automation is a challenge is the abundance of tools that need to be integrated (EDR, NDR, IPS, firewalls, antispam, DNS filtering, etc.). The key is knowing how to bring all of these tools together in one place.
  • Autonomous breach protection made easy: it requires integration, but having these tools in one place has significant benefits. It can be easy and does not require a lot of technical expertise, an all-in-one solution is more cost-effective, and it allows for faster detection and a more informed response.
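As an added illustration of what "reducing alerts with automation" looks like at the triage layer (this is not code from the Cynet guide or from Red Sky Alliance), the script below collapses repeated alerts from the same rule and host into one queue entry, suppresses alerts a reviewer has already tuned out as expected behaviour, and escalates any alert whose indicator matches a threat-intelligence list. The alert records, the tuning entries and the indicator list are all constructed sample data; the rule names, hosts and addresses are invented for the example.

```python
"""Alert triage demo: merge duplicates, suppress tuned-out noise, and
escalate alerts whose indicator matches a threat-intelligence feed.

Added illustration only. Every alert, tuning entry and indicator below is
constructed sample data, not output of any real product or feed."""
from datetime import datetime, timedelta

# Constructed sample alerts (ISO-8601 timestamps; addresses are RFC 5737
# documentation ranges, chosen so they cannot be real indicators).
SAMPLE_ALERTS = [
    {"ts": "2022-07-20T09:00:00", "rule": "EDR-PS-ENCODED", "host": "ws-17", "indicator": "203.0.113.9"},
    {"ts": "2022-07-20T09:00:20", "rule": "EDR-PS-ENCODED", "host": "ws-17", "indicator": "203.0.113.9"},
    {"ts": "2022-07-20T09:00:40", "rule": "EDR-PS-ENCODED", "host": "ws-17", "indicator": "203.0.113.9"},
    {"ts": "2022-07-20T09:05:00", "rule": "FW-DNS-OUTBOUND", "host": "srv-dns-1", "indicator": "203.0.113.53"},
    {"ts": "2022-07-20T09:06:00", "rule": "FW-DNS-OUTBOUND", "host": "srv-dns-1", "indicator": "203.0.113.53"},
    {"ts": "2022-07-20T09:30:00", "rule": "NDR-BEACON", "host": "ws-42", "indicator": "198.51.100.77"},
    {"ts": "2022-07-20T10:30:00", "rule": "EDR-PS-ENCODED", "host": "ws-17", "indicator": "203.0.113.9"},
]

# Tuning decisions: (rule, host) pairs a reviewer confirmed as expected behaviour.
# Here the internal resolver is supposed to make outbound DNS connections.
TUNED_OUT = {("FW-DNS-OUTBOUND", "srv-dns-1")}

# Constructed indicator list standing in for a threat-intelligence feed.
IOC_FEED = {"198.51.100.77"}

# Repeats of the same rule on the same host within this window are one incident.
DEDUP_WINDOW = timedelta(minutes=15)


def triage(alerts, tuned_out=TUNED_OUT, ioc_feed=IOC_FEED, window=DEDUP_WINDOW):
    """Return (queue, stats): queue is the reduced, prioritized list an analyst
    actually sees; stats counts what the automation removed or escalated."""
    queue = []                                   # open incident groups
    stats = {"suppressed": 0, "merged": 0, "escalated": 0}
    open_group = {}                              # (rule, host) -> most recent group

    for alert in sorted(alerts, key=lambda a: a["ts"]):
        key = (alert["rule"], alert["host"])
        ts = datetime.fromisoformat(alert["ts"])

        # 1. Tuned-out noise never reaches the queue, but is still counted so the
        #    suppression rule itself can be audited.
        if key in tuned_out:
            stats["suppressed"] += 1
            continue

        # 2. A repeat inside the window is folded into the existing group.
        group = open_group.get(key)
        if group is not None and ts - group["last"] <= window:
            group["count"] += 1
            group["last"] = ts
            stats["merged"] += 1
            continue

        # 3. Otherwise open a new group; an IoC match raises its priority.
        group = {"rule": alert["rule"], "host": alert["host"], "indicator": alert["indicator"],
                 "first": ts, "last": ts, "count": 1, "priority": "normal"}
        if alert["indicator"] in ioc_feed:
            group["priority"] = "high"
            stats["escalated"] += 1
        queue.append(group)
        open_group[key] = group

    # High-priority groups first, then oldest first so nothing starves.
    queue.sort(key=lambda g: (g["priority"] != "high", g["first"]))
    return queue, stats


if __name__ == "__main__":
    queue, stats = triage(SAMPLE_ALERTS)
    print(f"{len(SAMPLE_ALERTS)} raw alerts -> {len(queue)} queue entries; {stats}")
    for g in queue:
        print(f"[{g['priority']:>6}] {g['rule']} on {g['host']} x{g['count']} "
              f"({g['first'].time()} - {g['last'].time()})")
```

On the constructed input, seven raw alerts become three queue entries: the beaconing alert is escalated to the top because its indicator is on the feed, the three encoded-PowerShell alerts within a minute of each other become one entry with a count of three, and the later repeat an hour and a half on opens a new entry rather than being hidden inside the old one. The suppression and merge counters are kept deliberately so that a tuning rule that is quietly swallowing too much can be spotted.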

Internally, remember to cover all of the basics of good cyber hygiene through constant training and, with luck, eliminate a percentage of alerts through good practice. You can't let your guard down.

Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. Our data provides proactive indicators of compromise which can be used to blacklist incoming threats. This will help mitigate the volume of incoming threats. For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@wapacklabs.com

Weekly Cyber Intelligence Briefings:

REDSHORTS - Weekly Cyber Intelligence Briefings

https://attendee.gotowebinar.com/register/5504229295967742989

[1] https://thehackernews.com/2022/07/dealing-with-alert-overload-theres.html