Security Alerts Double and Security Teams Can’t Get to Them All

Help Net Security recently wrote about a new survey of IT professionals which revealed that security alerts have doubled over the last five years for 70% of the respondents. In addition, 75% said that they would need three or more additional staff to address all the security alerts they receive from their security devices in a typical day.

These numbers shouldn’t be that surprising given what we know about the Target breach that happened back in 2013. It was widely reported at the time that Target had received early alerts about the breach and failed to act on them, likely because they had too many alerts. Many articles pointed to the fact that most organizations received 17,000 alerts a week, and only 19% of them were actionable (meaning the remainder were false positives that did not in fact point to real security threats).

This newest study just reiterates a conclusion we already know: there are too many security alerts, and there aren’t enough security professionals in most organizations to respond adequately to them.

The study had some additional troubling results including:

  • 99% report high volumes of alerts cause problems for IT security teams
  • 83% say their security staff experiences “alert fatigue”
  • 88% face challenges with their current SIEM

These struggles faced by IT security personnel point to a need for a new way to do security.

The results of the study suggest that we need to find ways to make application security easier and more informative for the security team. K2 Cyber Security can help address these needs by providing application security that issues alerts based on severity and includes actionable alerts that provide complete visibility into the attacks and the vulnerabilities they target, including the location of the vulnerability within the application, with details like the file name and line of code where the vulnerability exists. K2 can also help reduce vulnerabilities in production by assisting in pre-production and addressing the lack of remediation guidance and the poor quality of security penetration testing results. K2 Cyber Security Platform is a great addition for adding visibility into the threats discovered by penetration and security testing tools in pre-production, and it can also find additional vulnerabilities during testing that the testing tools may have missed. K2 can pinpoint the exact location of a discovered vulnerability in the code. When a vulnerability is discovered (for example, SQL Injection, XSS or Remote Code Injection), K2 can disclose the exact file name along with the line of code that contains the vulnerability, details that testing tools typically are unable to provide, enabling developers to start the remediation process quickly.

K2 Cyber Security Platform offers two use cases: one provides additional visibility during pre-production (development) penetration testing, and the other provides runtime protection for applications in production. In the second use case, K2 offers an ideal runtime protection security solution that detects true zero-day attacks while generating the fewest false positives and alerts. Rather than relying on technologies like signatures, heuristics, fuzzy logic, machine learning or AI, we use a deterministic approach to detect true zero-day attacks, without being limited to detecting attacks based on prior attack knowledge. Deterministic security uses application execution validation and verifies that API calls are functioning the way the code intended. It uses no prior knowledge about an attack or the underlying vulnerability, which gives our approach the true ability to detect new zero-day attacks. Our technology has 8 patents granted/pending and has minimal false alerts.

Get more out of your application security testing and change how you protect your applications, and check out K2’s application workload security solution.

Find out more about K2 today by requesting a demo, or get your free trial.

Image source: https://www.helpnetsecurity.com/2020/07/13/volume-of-security-alerts/



*** This is a Security Bloggers Network syndicated blog from K2io authored by Timothy Chiu, VP of Marketing. Read the original post at: https://www.k2io.com/security-alerts-double-and-security-teams-cant-get-to-them-all/