Security operations centers (SOCs) face a flood of excessive alerts and rely on outdated metrics, which is leading to alert fatigue in many SOCs, according to a new study released by Fidelis Cybersecurity.* Bob Noel, Director of Strategic Relationships and Marketing at Plixer, commented below.
Bob Noel, Director of Strategic Relationships and Marketing at Plixer:
“High volumes of false positives create significant risk to organizations. Analysts who are constantly investigating false alarms become desensitized to the urgency of each effort, losing focus and potentially missing real events. There are a few important directions the industry must take to improve the accuracy of alert notification. First, analysts must gain better context and insight through the integration of SIEM (syslog aggregation) and Network Traffic Analysis (NTA) platforms. When an alarm is generated, this allows the analyst to correlate log-driven alarms with the associated network traffic to quickly assess alert validity. Security vendors are also doing a better job of providing richer APIs. This allows for cross-platform integration so that analysts can more easily navigate and correlate data across otherwise disparate silos of security-related data (firewall, SIEM, NTA, vulnerability assessment, etc.). Finally, the rise of machine learning promises to offer a mechanism to reduce the number of alarms sent to analysts.”
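The SIEM-to-NTA correlation Noel describes can be sketched in a few lines. The following is an added example written for this page, not code from Plixer, Fidelis or the study: it takes a log-driven SIEM alarm (source, destination, timestamp) and looks up the flow records for the same host pair inside a time window, then returns a triage verdict. An alarm with no matching traffic at all is flagged for the analyst as uncorroborated, one with only a trickle of bytes (for example a single blocked SYN) is flagged as low volume, and one backed by real bidirectional traffic is marked corroborated. The `Alert` and `Flow` records, the five-minute window, the 1024-byte threshold and all IPs, rule names and byte counts are constructed for the example.

```python
"""Correlate SIEM alarms with NetFlow-style records to assess alert validity.

Added example for this page; the data structures, thresholds and sample
records below are assumptions, not an API of any named product.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List


@dataclass(frozen=True)
class Alert:
    """A log-driven alarm as a SIEM would raise it (constructed shape)."""
    alert_id: str
    ts: datetime
    src_ip: str
    dst_ip: str
    rule: str


@dataclass(frozen=True)
class Flow:
    """A unidirectional-summarised flow record from an NTA platform (constructed shape)."""
    start: datetime
    src_ip: str
    dst_ip: str
    dst_port: int
    bytes_out: int  # client -> server
    bytes_in: int   # server -> client


def flows_for_alert(alert: Alert, flows: List[Flow],
                    window: timedelta = timedelta(minutes=5)) -> List[Flow]:
    """Return flows between the alert's host pair (either direction) within +/- window."""
    lo, hi = alert.ts - window, alert.ts + window
    pair = frozenset((alert.src_ip, alert.dst_ip))
    return [f for f in flows
            if lo <= f.start <= hi and frozenset((f.src_ip, f.dst_ip)) == pair]


def triage(alert: Alert, flows: List[Flow],
           window: timedelta = timedelta(minutes=5), min_bytes: int = 1024) -> str:
    """Classify an alarm by the network traffic that corroborates it.

    no_traffic   - no flows for the host pair in the window: the log claim stands alone
    low_volume   - flows exist but carried fewer than min_bytes in total (e.g. a blocked SYN)
    corroborated - real traffic between the hosts around the time of the alarm
    """
    matched = flows_for_alert(alert, flows, window)
    if not matched:
        return "no_traffic"
    total = sum(f.bytes_out + f.bytes_in for f in matched)
    return "corroborated" if total >= min_bytes else "low_volume"


def triage_all(alerts: List[Alert], flows: List[Flow]) -> Dict[str, str]:
    """Map each alert_id to its verdict so an analyst can sort the queue by it."""
    return {a.alert_id: triage(a, flows) for a in alerts}


# Constructed sample data: three alarms and a handful of flow records.
T = datetime(2024, 3, 1, 12, 0, 0)
ALERTS = [
    Alert("A1", T,                           "10.0.0.5", "203.0.113.7",  "Possible C2 beacon"),
    Alert("A2", T + timedelta(minutes=10),   "10.0.0.9", "10.0.0.1",     "Port scan detected"),
    Alert("A3", T + timedelta(minutes=20),   "10.0.0.5", "198.51.100.4", "Malware download"),
]
FLOWS = [
    # A1: two sessions to the suspected C2 host inside the window, plus one outside it
    Flow(T - timedelta(minutes=1, seconds=30), "10.0.0.5", "203.0.113.7", 443, 2048, 98304),
    Flow(T + timedelta(minutes=3, seconds=10), "10.0.0.5", "203.0.113.7", 443, 1500, 4096),
    Flow(T - timedelta(minutes=30),            "10.0.0.5", "203.0.113.7", 443, 900,  1200),
    # A3: a single SYN that the firewall dropped, nothing came back
    Flow(T + timedelta(minutes=20, seconds=5), "10.0.0.5", "198.51.100.4", 80, 60, 0),
    # unrelated traffic that should not match any alert
    Flow(T + timedelta(minutes=10),            "10.0.0.9", "10.0.0.22", 22, 5000, 7000),
]

if __name__ == "__main__":
    for alert_id, verdict in triage_all(ALERTS, FLOWS).items():
        print(alert_id, verdict)
```

With the sample data, A1 is corroborated by two in-window sessions (the 11:30 flow is outside the window and ignored), A2 has no flow at all between 10.0.0.9 and 10.0.0.1 and so cannot be confirmed from the log line alone, and A3 is reduced to a 60-byte dropped connection attempt. The same join would run against real SIEM and NTA exports once the two record shapes are mapped onto `Alert` and `Flow`.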