Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Network Security

Efficient Alert Management Lacking in Many Organizations: Report

Security alerts can be highly useful in protecting an organization against a data breach, but inefficient alert management can have serious consequences, a new report shows.

Security alerts can be highly useful in protecting an organization against a data breach, but inefficient alert management can have serious consequences, a new report shows.

The study, conducted by IDC on behalf of FireEye, has revealed that roughly 15% of global organizations face more than 50,000 security alerts each month. In the United States, 37% of organizations receive over 50,000 alerts, while nearly one third of them have to deal with between 10,000 and 49,999 alerts.

According to the report, 35% of the 500 surveyed enterprises spend as many as 500 hours per month dealing with security alerts, which means at least three full time positions are needed just for alert management.

The problem is that more than half of the alerts are false positives, and roughly one third of them are redundant across multiple threat detection platforms. However, only 42% of the respondents say they have automated systems in place for ignoring duplicate alerts, while the rest review them manually.

When it comes to addressing alerts, 75% of those surveyed said it takes them less than 5 hours to respond to critical alerts. On the other hand, 60% of respondents said moderate alert responses take between 6 and 12 hours, while 30% indicated that it takes more than one day to handle low priority alerts. This gives potential attackers enough time to cause damage.

Another issue highlighted in the report is that the volume of alerts might be masking quality problems. Almost half of respondents review the configuration of their security product every month in an effort to reduce alerts, but close to 80% of those who took part in the survey believe the quality of their alerts is either excellent or almost excellent. According to FireEye, this indicates a gap in how alert quality is perceived.

Advertisement. Scroll to continue reading.

Roughly half of most companies’ IT security budget goes to alert monitoring. However, 75% of organizations don’t have dedicated staff for monitoring alerts, and only 35% of organizations outsource, the report shows.

According to a study published last week by the Ponemon Institute and Damballa, organizations in the United States spend 21,000 hours per year on false positives, which translates into nearly $1.3 million wasted each year because of inaccurate intelligence.

“In resource-limited environments, every alert counts. Since most of us work in such environments, we need to ensure that we populate the work queue with only reliable, high fidelity, actionable alerts,” Joshua Goldfarb, Chief Security Strategist of FireEye’s Enterprise Forensics Group, said in a recent SecurityWeek column. “Fans of the conventional approach may say, ‘If I reduce from 100,000 alerts a day to 100 alerts a day, I may miss something.’ To those people, I would ask the following question: If you never look at 99% of your alerts, or you quickly dismiss them as false positives, what is the point of firing those alerts and what value do they add to security operations? Further, are you certain that you would not miss important alerts because their signal would be lost in the noise?”

“Before purchasing any technology intended to produce alerts destined for the work queue, we should ensure that it allows us to hone in on the activity we want to identify (the true positives/the signal), while minimizing the activity we do not want to identify (the false positives/the noise). As always, these technologies are tools that need to be properly leveraged as part of the larger people, process, and technology picture,” Goldfarb explained.

Written By

Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.

Register

This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.

Register

People on the Move

James Phillips has been promoted to the role of Vice President, Cybersecurity Risk Management at AT&T.

Rafal Los has joined Binary Defense as Chief Strategy Officer.

Tracey Mustacchio has joined Everfox as Chief Marketing Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.