Andrew Bartlam of Orca discusses how to manage ‘Alert Fatigue’ in cloud security
Mon 14 Mar 2022 | Andrew Bartlam
Andrew Bartlam, VP of EMEA Sales at Orca, sat down with us to talk about current and future challenges in Cybersecurity and how to solve them.
What is ‘alert fatigue’?
Alert fatigue is a common problem for cybersecurity professionals. Security teams receive an average of 174,000 alerts every week, before sifting through them to eliminate duplicates and ensure that data security is maintained.
The sheer volume of requests means that resources are stretched too thin to effectively address security issues as they arise. 79% of survey respondents said that the mean time to respond (MTTR) to a security issue is over 4 days, due in large part to a lack of qualified personnel addressing security alerts when they occur.
Because of this, organisations are often tempted to invest in security tools or software that promises to help with the issue of alert fatigue. Enterprises maintain an average of 19 different security tools which often, instead of helping to resolve alert fatigue, actually add to the problem by duplicating alerts. In fact, 71% of IT professionals report that the time they spend managing security tool sprawl detracts from their ability to effectively solve security issues.
The lift-and-shift method of cloud adoption has also contributed to the number of security vendors engaged by a business.
Often, when an application was migrated to the cloud, the security solution was migrated alongside the application that it served on-premise. It can be difficult to dedicate resources to evaluating solutions that are already in place.
To combat alert fatigue, businesses need to invest in a security solution that is comprehensive, specific, and contextual… comprehensive, to eliminate the duplication of alerts that drives the volume of alerts higher, and also to eliminate vendor sprawl that channels resources away from critical security issues, and specific – to ensure that issues are easily categorized into different priorities, so that the more urgent problems are addressed immediately. And contextual, so that security teams understand the issue within the security environment as a whole.
Traditionally, security teams would employ an agent that would have to be installed on every instance separately. But the exponential growth of the cloud made agent-based security solutions challenging to monitor and maintain. Alert fatigue is a serious problem for security teams, adding to backlog, stress, and insufficient resources.
“To overcome alert fatigue, it is critical that cybersecurity professionals have a tool that is specific and contextual.”
To combat alert fatigue, and prepare for future cloud growth, look for a solution that not only helps eliminate security vulnerabilities but that also reduces the overall number of alerts, and provides a method for prioritising the rest.
Written by Andrew Bartlam Mon 14 Mar 2022
Tags:alert fatigue cloud and cybersecurity expo cyber security
Security Tue 18 May 2021False positives are only one part of a bigger cybersecu...