Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Edge Articles

10:00 AM
Kelly Sheridan
Kelly Sheridan
Edge Features
Connect Directly

Surviving Security Alert Fatigue: 7 Tools and Techniques

Experts discuss why security teams are increasingly overwhelmed with alerts and share tactics for lightening the load.

Define Your Use Case

The most important thing companies can do is spend time understanding the problem, Digital Shadows' Gold says. If you're using an intrusion detection system (IDS), for example, and seeing a ton of alerts, you need to investigate what in your environment could be causing so many false positives? What does a true positive look like compared with a false positive? What is a real threat?

To lessen the flow of alerts, security teams should have use cases for detections, he continues. What are your greatest worries? If you fear credit card data exiting the environment, you can use the IDS to put rules in place for the specific thing you fear.

Detection use cases should represent what your business is concerned about, says Gold. High-fidelity use cases very tightly define your priorities. "You don't want to say, 'I'm concerned about any data leaving the organization,'" he explains. "You want to say, 'I'm concerned about data that looks like this.'"

Adds LastLine's Henderson: "You need to take a step back and spend some time thinking about exactly what it is you're trying to protect. Are you just checking a box? Are you checking a list against some regulation, or rule, or vertical body that says we have to?" If so, you're not checking the right thing, he says. Step back and consider all of your data – do you know where it is?

Before you can trust an alert, you have to know your data, says ReliaQuest CEO Brian Murphy. Security teams should "leverage automation only after they can trust the data they're automating," he explains, emphasizing the importance of analyzing accurate information.

(Image: Pathdoc - stock.adobe.com)

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio
2 of 8
Print  | 
More Insights
Flash Poll