Security detection systems now generate so many alerts for security operations centers that it is easy for staff to fall into the "Boy Who Cried Wolf" reaction pattern. With some estimates putting false positives (alerts that do not correspond to a real incident, or that turn out not to be critical) at between 60% and 80% of a company's alerts, it is easy to see why so many people develop "alert fatigue", and why genuinely critical situations can be missed or ignored. Consider a more familiar example: when was the last time you heard a car alarm go off and looked out the window to see whether the car was actually being stolen?
In the latest episode of Security Sessions, I spoke with Hexadite CEO Eran Barak about the problem of security alert fatigue, whether hiring extra staff can help the situation, or whether automation is the answer.
Among the highlights of the video are the following sections:
1:10 Why are there so many false positives in today’s security detection systems?
2:08 How alert fatigue could have been an issue in the Target breach.
3:23 Can adding more staffers to the security team help alleviate the fatigue, with more bodies able to investigate alerts?
5:06 Can automation help a CSO investigate more alerts and eliminate or reduce the number of false positives?