Configure with Care
When you buy a threat detection tool, security information and event management (SIEM) system, or other platform, don't assume it will surface valuable information from the start, says Chronicle Security's Chuvakin. Companies can worsen alert fatigue with high expectations of systems that immediately generate streams of crisp, actionable alerts.
"I've never seen that," he notes. "Moreover, if you use a tool that [shows] every alert is crisp and actionable, you are probably missing a lot of things."
Misconfiguration is a common and dangerous problem, Digital Shadows' Gold says. Some alert systems are trigger-happy because security teams prefer to err on the side of caution rather than miss something. This leads to a "boy who cried wolf" scenario in which teams are burdened with alerts that convey no value, learn to ignore them, and then fail to respond when an alert is actually important.
"It's often the case that people who are made to configure these things are not given the necessary training and background to configure them correctly," he says. Some systems may raise an urgent alert for a bug that is critical for that specific tool but difficult to exploit and may not demand a "stop the press" attitude. Businesses need to better understand their problems.
"Misconfiguration is the biggest issue we deal with today," Vectra's Morales says. "It creates more work for the security team."
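To make the configuration point concrete, here is an added example (not code from the article or from any of the vendors quoted) contrasting a trigger-happy login-failure rule with a tuned one, plus a small triage function that applies the exploitability and exposure context a tool lacks. The log events, thresholds and the `triage_priority` mapping are constructed for illustration and are not taken from any real product.

```python
from collections import defaultdict, deque

# Constructed sample authentication events (not real logs):
# (seconds offset, host, user, outcome)
SAMPLE_EVENTS = [
    (0,   "web-1", "alice", "failed"),
    (10,  "web-1", "alice", "failed"),
    (20,  "web-1", "alice", "success"),  # a typo then recovery: ordinary user behaviour
    (30,  "web-2", "bob",   "failed"),
    (31,  "web-2", "bob",   "failed"),
    (32,  "web-2", "bob",   "failed"),
    (33,  "web-2", "bob",   "failed"),
    (34,  "web-2", "bob",   "failed"),
    (35,  "web-2", "bob",   "failed"),
    (36,  "web-2", "bob",   "failed"),   # sustained burst: worth an analyst's time
    (400, "web-3", "carol", "failed"),
]


def naive_rule(events):
    """Trigger-happy configuration: every failed login becomes its own alert.
    Over the sample this yields ten alerts, nine of which carry no value."""
    return [f"failed login {user}@{host}"
            for _, host, user, outcome in events if outcome == "failed"]


def tuned_rule(events, threshold=5, window_s=60, suppress_s=600):
    """Tuned configuration: alert only when at least `threshold` failures for
    one user@host land inside a `window_s` sliding window, then suppress
    repeats for `suppress_s` so one burst produces one alert, not one per event."""
    recent = defaultdict(deque)  # (user, host) -> timestamps of recent failures
    last_alert = {}              # (user, host) -> time of the last alert raised
    alerts = []
    for ts, host, user, outcome in events:
        if outcome != "failed":
            continue
        key = (user, host)
        window = recent[key]
        window.append(ts)
        while window and ts - window[0] > window_s:  # drop failures outside the window
            window.popleft()
        suppressed = key in last_alert and ts - last_alert[key] <= suppress_s
        if len(window) >= threshold and not suppressed:
            last_alert[key] = ts
            alerts.append(f"{len(window)} failed logins for {user}@{host} in {window_s}s")
    return alerts


def triage_priority(tool_severity, exploitable, internet_exposed):
    """Map a tool's own severity label to an operational priority using context
    the tool does not have: whether a working exploit path is realistic and
    whether the asset is reachable from the internet. The mapping itself is an
    assumption chosen for this example; each organisation sets its own."""
    if tool_severity == "critical" and exploitable and internet_exposed:
        return "urgent"       # the genuine "stop the press" case
    if tool_severity in ("critical", "high") and (exploitable or internet_exposed):
        return "high"
    return "scheduled"        # critical for the tool, but not for this environment


if __name__ == "__main__":
    print(len(naive_rule(SAMPLE_EVENTS)), "alerts from the naive rule")
    for a in tuned_rule(SAMPLE_EVENTS):
        print("tuned:", a)
    print("critical but hard to exploit and internal:",
          triage_priority("critical", exploitable=False, internet_exposed=False))
```

The point of the tuned rule is not the specific numbers but that the threshold, window and suppression period are explicit, reviewable settings; the team that owns the rule should be able to justify each one, which is the training gap the article describes.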