InfoBrief: A Day in the Life of a Cyber Security Pro
Abstract: The data indicates that alerting systems are not operating efficiently. Many incidents are automatically misclassified as critical alerts. By itself this problem is unacceptable, but combined with the fact that a large share of alerted incidents are actually false positives that should never have been generated, it becomes easy to see why security teams feel stressed and overwhelmed. Because each alert must be investigated manually to determine whether it is really critical or a false positive, teams fall behind, creating a large backlog of unworked tickets. This is a strong reason why dwell time for breaches exceeds six months. Many organizations turn to "tuning" their systems to reduce the volume of generated alerts, which leads to the scenario where real alerts are never generated because of improper tuning. Larger teams could in principle absorb the load, but trained personnel are not available, the approach does not scale, and it does not address the root of the problem. Ultimately, this is a tools issue: the systems are not given enough context at alert creation to classify incoming alerts properly and identify vulnerabilities. Read more to understand the issues surrounding these problems.