Millions of security alerts hindering detection capabilities of IT pros
31 May 2018
More than one in four security professionals at enterprises receive over a million security alerts every single day, which makes it impossible for them not only to analyse each alert but also to separate critical security incidents from hundreds of thousands of false positives.
With such a large number of security alerts and false positives to deal with, security professionals are fighting a losing battle and are resorting to shortcuts to try and deal with as many threat alerts as physically possible.
Millions of security alerts causing alert fatigue
A survey of 179 security professionals carried out by security firm Imperva at the recently-held RSA Conference revealed that in order to deal with a mountain of security alerts, 30 percent of IT professionals are flat-out ignoring certain categories of alerts, and 4 percent of them have turned off the alert notifications altogether.
The inability to deal with the sheer volume of security alerts arriving every single day has also left 53 percent of IT professionals struggling to identify critical security incidents over false positives. While 27 percent of security teams receive over a million alerts each day, 20 percent receive between 10,000 and 100,000 alerts every day and another 8 percent receive between 100,000 and 1,000,000 security alerts each day.
“When security teams ignore alerts, it is not for lack of motivation, as we can see based on the volume of daily incidents and the frustrating number of false-positives. Because of this, it can be tempting to disregard future alerts. However, alerts that get brushed off can translate to insurmountable losses. Organizations lose money, SOC teams lose valuable time, and consumers are put at risk,” the firm noted.
According to the survey, while 54 percent of IT professionals are experiencing stress and exhaustion, 57 percent of them are tuning their policies to reduce the volume of alerts coming in every day, and 30 percent are ignoring certain categories of alerts and dedicating more of their time and resources to other categories.
“Companies need to not only be aware of alert fatigue and how it impacts their workers (and their bottom line), but they should also look to technology that uses artificial intelligence and machine learning for help with streamlining processes and reducing the noise created by security alerts,” researchers at Imperva added.
No time to patch flaws
A similar survey of 155 security professionals, carried out by vulnerability management solutions provider Outpost24 at the RSA Conference, also revealed that as many as 42 percent of IT security professionals are leaving security vulnerabilities unpatched as they either have no idea how to fix them or do not have the time to address them. This leaves enterprise networks with old vulnerabilities that are routinely exploited by hackers either for financial gain or to cause reputational damage.
Security professionals at large organisations are also deeply divided over which applications or digital assets are the most vulnerable, and their perceptions influence how they respond to emerging threats. Outpost24’s survey revealed that while 15 percent of IT professionals believed their web applications were least secure, 25 percent were most concerned about their cloud infrastructure and applications, 20 percent said their mobile devices were the most insecure, and 23 percent were most concerned about their IoT devices.
“Outsourcing services like penetration testing can be an excellent way to get a holistic overview of the cyber security exposure across an organisation’s assets as well as expose threats within systems that may well have gone unnoticed.
“To maximize the value of testing investment, remediation action should be taken as close to the time of testing as possible. With the proliferation of connected technologies, the knowledge and resource gap continue to be key challenges. Security staff can easily become overwhelmed and lose focus on the remediation that can be most impactful to the business,” said Bob Egner, vice president at Outpost24.