Call it alert fatigue. Call it information overload. Call it mind-killing and soul-destroying. The sheer number of alerts coming into a modern security operations center (SOC) can overwhelm even the most dedicated security analysts.
Alerts pour in from many dashboards and security information and event management (SIEM) platforms, with some focused on the network, others on endpoints, some on the firewall and outside-facing servers, and others on critical infrastructure. And with the vast majority of alerts being (fortunately) false alarms, it can be easy to overlook the real warning signs, which may be subtle indications of malicious reconnaissance or an actual breach.
As SC Magazine’s Greg Masters writes in “Crying wolf: Combatting cybersecurity alert fatigue,” nearly three-quarters of security teams stated they were overwhelmed by the volume of vulnerability maintenance work assigned to them. When security teams were queried about contending with threat alerts, 79% said they were overwhelmed by the volume.
And according to Ryan Francis in “False positives still cause threat alert fatigue,” published in CSO, “The Cisco 2017 Security Capabilities Benchmark Study found that, due to various constraints, organizations can investigate only 56 percent of the security alerts they receive on a given day. Half of the investigated alerts (28 percent) are deemed legitimate; less than half (46 percent) of legitimate alerts are remediated. In addition, 44 percent of security operations managers see more than 5000 security alerts per day.”