Alert Fatigue Is Becoming a Security Threat of Its Own
Alert fatigue and its related effects on SOC efficiency are self-evident problems. Less obvious and more complex are their causes, their effects and the possible solutions to them.
SOC analysts are inundated with a huge and continuous volume of alerts generated by security tools. Each alert, taken alone, is often meaningless; it acquires meaning only when correlated with other alerts. But finding those relationships is time-consuming, and even a relationship that is found may be irrelevant to the security of the business. Much of the alert volume is simply noise, and attempting correlation in order to separate true positives (signal) from the huge number of false positives (noise) is difficult, tedious, and often pointless.
The reasons are numerous:
Absence of automated prioritization. Security tools are great at detecting alert signals but poor at prioritizing them. Alerts sometimes arrive with a score. “A tool might say, ‘I found a threat. The score is 32 out of 100’,” comments Obbe Knoop, founder and CEO at Lanxit....
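The following is an added example, not code from the SecurityWeek article nor from Lanxit or any product it describes. It illustrates the two points above: an isolated tool score such as "32 out of 100" says little by itself, while correlating alerts by the entity they share and weighting the group by asset criticality and by corroboration from independent tools produces a ranking an analyst can act on. The alerts, tool names, asset tiers and weighting factors are all constructed assumptions for illustration.

```python
"""Minimal alert correlation and prioritization (illustrative, constructed data)."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Alert:
    alert_id: str
    host: str       # entity used for correlation
    tool: str       # which security tool emitted the alert (assumed names)
    technique: str  # coarse category of what was observed
    score: int      # the tool's own 0-100 score, taken at face value


# Constructed sample alerts; not real telemetry.
ALERTS = [
    Alert("a1", "wks-117", "edr",  "macro_execution",   92),
    Alert("a2", "dc01",    "edr",  "credential_access", 32),
    Alert("a3", "dc01",    "ndr",  "lateral_movement",  40),
    Alert("a4", "dc01",    "siem", "privilege_change",  35),
    Alert("a5", "web02",   "waf",  "sqli_probe",        55),
    Alert("a6", "web02",   "waf",  "sqli_probe",        57),
    Alert("a7", "web02",   "waf",  "sqli_probe",        54),
]

# Hypothetical asset criticality tiers; in practice these come from a CMDB.
ASSET_TIER = {"dc01": 3, "web02": 2, "wks-117": 1}


def correlate(alerts):
    """Group alerts by the host they concern: {host: [Alert, ...]}."""
    groups = defaultdict(list)
    for a in alerts:
        groups[a.host].append(a)
    return dict(groups)


def priority(group):
    """Priority of one correlated group.

    The highest raw score is only the baseline. Corroboration from independent
    tools and from distinct techniques raises it; repeated alerts of the same
    kind from the same tool add nothing. Asset tier then scales the result.
    (Weights 0.5 and 0.25 are illustrative assumptions.)
    """
    tools = {a.tool for a in group}
    techniques = {a.technique for a in group}
    base = max(a.score for a in group)
    corroboration = 1.0 + 0.5 * (len(tools) - 1) + 0.25 * (len(techniques) - 1)
    tier = ASSET_TIER.get(group[0].host, 1)
    return round(base * corroboration * tier)


def triage(alerts):
    """Return [(host, priority, [alert_ids])] sorted by priority, highest first."""
    rows = [
        (host, priority(group), [a.alert_id for a in group])
        for host, group in correlate(alerts).items()
    ]
    rows.sort(key=lambda r: r[1], reverse=True)
    return rows


def naive_rank(alerts):
    """What the analyst sees without correlation: alert IDs by raw score."""
    return [a.alert_id for a in sorted(alerts, key=lambda a: a.score, reverse=True)]


if __name__ == "__main__":
    print("by raw score:", naive_rank(ALERTS))
    for host, prio, ids in triage(ALERTS):
        print(f"{host:8} priority={prio:4} alerts={ids}")
```

On this data the raw-score view puts the single EDR alert on a workstation (score 92) first and buries the domain controller's alerts (scores 32, 40, 35) near the bottom, whereas the correlated view ranks the domain controller first because three independent tools report three different techniques against a tier-3 asset. The three near-identical WAF alerts on web02 collapse into one group whose priority is no higher than a single such alert would earn, which is the noise-suppression effect the text describes.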
Copyright of this story belongs solely to securityweek.com; the full text is available on that site.