The security alerts you ignore are the ones that matter


With alert volumes running into the hundreds of thousands, security teams have built habits around what to ignore. And attackers have learned to exploit them.

For years, security operations centers (SOCs) have dealt with the noise of security alerts by prioritizing vulnerabilities based on severity level.

As the enterprise technology stack became more complex with a growing number of endpoints, cloud infrastructure, and multiple identity systems, it became impractical, if not impossible, for SOCs to address every single alert that got flagged.

As a result, most teams have adopted an approach where they focus their efforts on mitigating medium- and high-severity alerts and dismiss or deprioritize those flagged as lower risk.

However, just because a threat is deemed “low risk” doesn’t mean it’s “no risk.” Recent large-scale analysis of enterprise security alerts found that around 1% of all incidents can be traced back to alerts initially categorized...

Copyright of this story solely belongs to techradar.com.
