Alert Fatigue and Overload an Issue for Majority of Security Analysts
July 10, 2020
CCME (4607 articles)
Share

Alert Fatigue and Overload an Issue for Majority of Security Analysts

Security professionals are struggling to effectively manage high volumes of security alerts.

According to the 2020 State of SecOps and Automation Report, a study conducted by Dimensional Research on behalf of Sumo Logic, managing the sheer volume of security alerts poses a significant problem for IT security professionals.

Its research of 427 qualified security individuals found 70 had faced more than double the volume of security alerts in the past five years, whilst 99% stated high volumes of alerts were causing problems for IT security teams.

This led 83% to say their security staff had experienced alert fatigue.

“Today’s security operations teams are faced with constant threats of security breaches that can lead to severe fallout including losing customers, diminished brand reputation and reduced revenue,” said Diane Hagglund, principal for Dimensional Research.

“To effectively minimize risk and bridge the gap, many companies rely on automated solutions that provide real-time analysis of security alerts. These findings highlight the challenges SOC teams are facing in a cloud-centric world, but more importantly why enterprises are aggressively looking to cloud-native alternatives for security analytics and operations.”

Although automated security alert processing can help to mitigate this issue, it is still a work in progress for most security teams.

Speaking to Infosecurity, Virtually Informed CISO Sarb Sembhi said, in the last 20 years, technology has been about “collecting and giving you alerts” and until AI came along, there was little in the way of a solution to deal with alerts and to be able to see all alerts in a single view.

“The cause of this is so many different technologies that come into the security estate and give you an alert and tell you something is wrong and somebody has done something, and there is not a single view,” he said. “What you need is a single sense to tell you what the course of action should be.”

He concluded that there is an issue of seeing so many alerts and an analyst having a “so what” attitude, but even if one of a million alerts is dangerous “you cannot become complacent.”

This post Alert Fatigue and Overload an Issue for Majority of Security Analysts originally appeared on InfoSecurity Magazine.

Read More

Related articles

DNC Russian Hacking Group Makes a Comeback

DNC Russian Hacking Group Makes a Comeback

BBC News Goes Dark with Censor-Busting Tor Site

BBC News Goes Dark with Censor-Busting Tor Site

Breach at Indian Airline Affects 1.2 Million Passengers

Breach at Indian Airline Affects 1.2 Million Passengers