CONFERENCE On Demand: Cyber AI & Automation Summit - Watch Now
Connect with us

Hi, what are you looking for?


Incident Response

Cutting Through the Noise: How to Manage a Large Volume of Cyber Alerts

Managing Security Alerts

Managing Security Alerts

As we have seen with cases like the Target breach, failure to adequately investigate and effectively react to security alerts can have devastating consequences for businesses and customers.  Security professionals today have to deal with an escalating number of risk alerts to better manage and prioritize alerts and their response to them. 

This is a growing concern for many organizations as the volume of security alerts is frequently the prevailing factor in high-profile data breaches.  Alerts can number in the thousands, or tens of thousands, a month.  According to a survey by International Data Corporation (IDC), 37 percent of cyber security professionals reported facing 10,000 alerts per month of which 52 percent are false positives.  The end result is a swamped staff.

But despite the overwhelming volumes, staff can cut through the noise and better-manage cyber security alerts by:

Refresh Staff – On a given day, cyber security professionals are vastly outnumbered by alerts.  A business with three full-time personnel can face 300 alerts a day, the IDC study found, also noting more than 35 percent of companies spend 500 hours a month responding to alerts.   It’s little wonder cyber security staffs are exhausted—which is exactly what cyber criminals are counting on.  Simply hiring more people to manage the ever increasing volumes is not a solution. 

Instead, build a better-organized team of rotating, rested personnel to prevent fatigue against alert volume.  For a small company with a small staff, the Financial Industry Regulatory Authority (FINRA) has recommended partnering with a managed security services provider (MSSP), and this guidance holds true across industries.  

Behavioral Analysis – Analytics that detect but do not prioritize alerts, are giving way to big data, behavioral analytics-based threat detection and cyber defenses that help staff prioritize by utilizing more operationalized intelligence. Behavioral analysis expands what cyber defense can achieve by using business specific historical data to understand normal behavioral patterns and detect anomalous activity. This provides more affective, prioritized alerts and quicker decision-making.  This approach moves beyond simple signature detection which flags everything so that your staff is focused on the most important (i.e. most dangerous) events.    

Automate and Streamline Responses – Operationalizing cyber response is critical in an environment in which, according to the same IDC survey, more than 40% of cyber security professionals still review alerts manually. Security personnel have many competing priorities, including analyzing alerts. Limit analysts to judging alerts and defending the company, not responding to them. Response is better handled either by your infrastructure team or by a separate incident response team that has well-thought-through remediation plans for different types of attacks.  Let your security analysts focus on what to do to keep your company secure and leverage others to do the work. In this design, correlating alerts with relevant threat intelligence and analysis tools maximizes the effectiveness of the analysis stage.  Automatically capturing relevant information, managing workflow, and seamlessly integrating into ticketing systems quickly frees your analysts to deal with the next threat.  By effectively prioritizing threats and minimizing the pre-analysis and post-analysis activities your security analysts can best defend your company. 

As the number of cyber attacks increase exponentially and these attacks become more complex, the volume of alerts facing today’s cyber professionals will only continue to grow. To effectively manage cyber security alerts volume, rethink everything about cyber security. Alert monitoring should entail a thorough assessment of effectiveness and a realization that increasing volumes cannot be managed by a staff already overwhelmed.  Consider proactive testing, refreshing policy and outsourcing to manage volume.  The companies that do will be better able to cut through the noise – to identify and act on their most critical cyber threats and operationalize their defenses. 

Advertisement. Scroll to continue reading.
Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join us as we delve into the transformative potential of AI, predictive ChatGPT-like tools and automation to detect and defend against cyberattacks.


As cybersecurity breaches and incidents escalate, the cyber insurance ecosystem is undergoing rapid and transformational change.


Expert Insights

Related Content


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

Incident Response

Microsoft has rolled out a preview version of Security Copilot, a ChatGPT-powered tool to help organizations automate cybersecurity tasks.

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

Application Security

GitHub this week announced the revocation of three certificates used for the GitHub Desktop and Atom applications.

Incident Response

Meta has developed a ten-phase cyber kill chain model that it believes will be more inclusive and more effective than the existing range of...

Artificial Intelligence

Two new surveys stress the need for automation and AI – but one survey raises the additional specter of the growing use of bring...