Security Operation Centers face a flood of excessive alerts and are working with outdated metrics that are leading to alert fatigue for many security operation centers (SOC) according to a new study released by Fidelis Cybersecurity.* Bob Noel, Director of Strategic Relationships and Marketing at Plixer commented below.
Bob Noel, Director of Strategic Relationships and Marketing at Plixer:
“High volumes of false positives create significant risk to organizations. Analysts who are constantly investigating false alarms become desensitized to the urgency of each effort, losing focus and potentially missing real events. There are a few important directions the industry must take to improve the accuracy of alert notification. First, analysts must gain better context and insight through the integration of SIEM (syslog aggregation) and Network Traffic Analysis (NTA) platforms. When an alarm is generated, this allows the analyst to correlate log-driven alarms, with the associated network traffic to quickly assess alert validity. Security vendors are also doing a better job of providing richer APIs. This allows for cross platform integration so that analysts can more easily navigate and correlate data across otherwise disparate silos of security-related data (firewall, SIEM, NTA, vulnerability assessment, etc.). Finally, the rise of machine learning promises to offer a mechanism to reduce the number of alarms sent to analysts.”