Twice as many security teams with high levels of automation resolve most or all alerts the same day compared to those with lower levels of automation.


Continuous intelligence (CI) is essential in situations where actionable insights must be derived from real-time data in milliseconds to seconds. A prime use case for CI is decision support and analysis automation of security alerts. That’s been the case for a while. But the need for automated help is now ever-more critical with cyberattacks on the rise and corporate boundaries being pushed into every employee’s home due to the pandemic.

See also: Using Continuous Intelligence for Decision Support and Automation

A recent Dimensional Research survey, sponsored by Sumo Logic, put the issues into perspective. The survey included 427 IT security stakeholders in organizations with at least 1,000 employees. It found that IT security staff simply cannot keep up with the volume of security alerts organizations receive every day.

Specifically, 56% of companies with more than 10,000 employees must deal with more than 1,000 security alerts per day. Most companies have seen increases in security alerts. Seventy percent of the companies surveyed have seen the volume of security alerts more than double in the past five years.

The challenges are likely to be exacerbated by current working conditions. “You increase the attack surface due to COVID,” said Greg Martin, General Manager of the Security Business Unit at Sumo Logic.

He noted that workers and executives are now using their computers on the same home networks as their families. This potentially exposes corporate systems to whatever is already compromised on those networks. “You’re pouring a clean glass of water into a dirty glass of water,” he said.

Overwhelmed with Alerts

Most respondents, 93% of the companies, said they could not address all the security alerts they receive on the same day. And 83% said their security staff experiences alert fatigue.

Such a situation is doubly bad. Lacking the bandwidth, security staff can only do their best in the time available. Certainly, they would focus most of their energy on the highest-level alerts. But therein lies a problem.

Ignoring alerts classified as low-level because there is not enough time or staff to get to them opens companies to problems. The reason: many attackers use compounded and advanced persistent threat (APT) attacks. Compounded attacks chain multiple small, less detectable steps over time. Such an attack might start with a phishing attempt, resulting in the installation of malware or the theft of credentials. Similarly, in an APT attack the attacker gains access to a system and remains there for an extended period of time without being detected. Each step, taken alone, may generate only a low-severity alert; it is the sequence that reveals the intrusion.
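To make the point concrete, here is an added example (not code from the article or from Sumo Logic) of the kind of automated correlation the survey argues for. It groups constructed low-severity alerts by user and escalates only when a progression of distinct attack stages appears within a time window, which is exactly what a severity-only triage queue misses. The alert records, the stage labels, the field names and the 24-hour window are all assumptions made for the demonstration.

```python
"""Chain low-severity security alerts into one escalated case.

Added example, not from the article or from Sumo Logic. The alert
records, field names, stage labels and the 24-hour window are all
constructed assumptions for this demonstration.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed mapping from alert type to attack stage (hypothetical labels).
STAGE = {
    "phishing_link_clicked": 1,
    "new_process_from_office_doc": 2,
    "credential_dump_tool": 3,
    "login_from_new_country": 4,
}
WINDOW = timedelta(hours=24)

# Constructed sample alerts: each one alone is low or medium severity and
# would be skipped by a team that only works the high-severity queue.
SAMPLE_ALERTS = [
    {"ts": "2020-09-01T08:05:00", "user": "alice", "type": "phishing_link_clicked", "severity": "low"},
    {"ts": "2020-09-01T08:07:30", "user": "alice", "type": "new_process_from_office_doc", "severity": "low"},
    {"ts": "2020-09-01T09:15:00", "user": "bob",   "type": "phishing_link_clicked", "severity": "low"},
    {"ts": "2020-09-01T13:40:00", "user": "alice", "type": "credential_dump_tool", "severity": "medium"},
    {"ts": "2020-09-02T02:10:00", "user": "alice", "type": "login_from_new_country", "severity": "low"},
    {"ts": "2020-09-05T10:00:00", "user": "bob",   "type": "login_from_new_country", "severity": "low"},
]


def severity_only_triage(alerts, work_levels=("high",)):
    """Baseline: an overloaded analyst only opens alerts at the listed levels."""
    return [a for a in alerts if a["severity"] in work_levels]


def correlate_chains(alerts, min_stages=3, window=WINDOW):
    """Group alerts by user and look for a progression of distinct attack
    stages in increasing order, where every step lands within `window` of
    the previous accepted step. Returns one escalated case per user whose
    chain reaches at least `min_stages` distinct stages."""
    by_user = defaultdict(list)
    for a in sorted(alerts, key=lambda a: a["ts"]):  # ISO timestamps sort lexically
        if a["type"] in STAGE:
            by_user[a["user"]].append(a)

    cases = []
    for user, events in by_user.items():
        chain = []
        for ev in events:
            ts = datetime.fromisoformat(ev["ts"])
            stage = STAGE[ev["type"]]
            if chain:
                last_ts = datetime.fromisoformat(chain[-1]["ts"])
                last_stage = STAGE[chain[-1]["type"]]
                if ts - last_ts > window:
                    # Gap too large: earlier activity may be unrelated, restart.
                    chain = []
                elif stage <= last_stage:
                    # Only a later stage counts as progress; repeats are ignored.
                    continue
            chain.append(ev)
        stages = {STAGE[e["type"]] for e in chain}
        if len(stages) >= min_stages:
            cases.append({
                "user": user,
                "severity": "high",
                "stages": sorted(stages),
                "first_seen": chain[0]["ts"],
                "last_seen": chain[-1]["ts"],
            })
    return cases


if __name__ == "__main__":
    print("severity-only queue:", severity_only_triage(SAMPLE_ALERTS))
    print("correlated cases:", correlate_chains(SAMPLE_ALERTS))
```

On the constructed data the severity-only queue is empty, while the correlator raises a single high-severity case for alice spanning all four stages; bob's two alerts are more than a day apart and are kept separate. In a real pipeline the same logic would run continuously over the alert stream and feed the escalated case to an analyst, which is the decision-support role the article assigns to continuous intelligence.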


Survey Highlights the Need for Automation to Manage Security Alerts