Managed Detection and Response: A Cure for Cyber Alert Fatigue and Scalability Challenges

Alert fatigue is a long-standing problem in cybersecurity that only increases in severity as a company grows. In that sense, alert fatigue is inextricably tied to another challenge: the need for scalability in cybersecurity. Quite often, the remedy for both is to get help, such as with a managed detection and response (MDR) service that can triage, investigate, and respond to alerts.

Market numbers help illustrate the scope of the issue.

Gartner expects worldwide security and risk management spending to increase by more than 14% in 2024 compared to 2023, reaching $215 billion. That figure includes spending on security software and devices that generate alerts, including application security, infrastructure protection, and network security equipment.

A recent article in Security Magazine sums up the correlation between security spending and alerts well: “With companies annually spending hundreds of thousands, or even millions, of dollars on data collection, it is no surprise that alerts would come in fast and hot. But the firehose of alerts can be mind-boggling. Employees can spend extensive time investigating and triaging, or responding to, alerts, many of them manually. Beyond the difficulty of simply keeping up, such a level of alert overload is almost guaranteed to drown out important signals in the noise of false positives and low-priority pings. It can heavily degrade the decision-making process, or bring it to a halt.”

Classic alert fatigue.

Even a company that is successfully treading water when it comes to dealing with alerts may run into a scalability problem. Most companies will naturally see growth in the number of devices and applications that generate alerts, especially as they adopt flexible work policies with employees working from both home and the office.

Couple that with organic growth in revenue and headcount, and the same security operations center (SOC) team that was once successfully treading water may find itself up to its eyeballs in alerts. At that point, as the Security Magazine story suggests, decision-making starts to suffer, and potentially essential alerts get missed. Adding to the problem is the chronic cybersecurity talent and skills gap, which makes it unlikely an organization will be able to hire its way out of the problem.


How MDR Addresses Alert Fatigue

MDR offers a solution to alert fatigue, the cybersecurity scalability challenge, and even the cybersecurity talent shortage. Instead of having your team handle alerts, send the alerts to the MDR provider.

Most MDR providers continuously invest in the latest SOC technologies and methodologies, including artificial intelligence (AI), machine learning (ML), and other automated tools to help with initial alert triage. More mature providers will augment those tools with cybersecurity professionals because, at some point, it takes experience to investigate alerts the machines miss, determine the proper response, and take action to make sure it doesn’t happen again.

How you configure the technology goes a long way toward reducing the number of alerts generated. Here again, it takes seasoned professionals to properly configure and continuously tune the various endpoint detection and response (EDR), security information and event management (SIEM), and other tools so that they accurately identify security threats in your specific environment.

Results can be extreme. A regional healthcare system in California was experiencing nearly 12 million security events every day, far more than its IT team could manage. Experts at Trustwave helped the company identify the false positives and correlate other alerts, ultimately culling the number to just 12 priority incidents requiring investigation.
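As an added illustration (example code, not from the original post or from Trustwave), here is a miniature version of the two steps the case study above credits: suppressing tuned-out false positives and collapsing repeats, then correlating what remains into one incident per host so an analyst sees a handful of prioritized cases instead of the raw feed. All events, rule names, accounts and the suppression list are constructed samples.

```python
from dataclasses import dataclass, field
@dataclass
class Event:
    ts: int      # seconds since epoch (constructed sample values)
    host: str
    rule: str    # name of the detection rule that fired
    user: str

# Environment-specific tuning an MDR team accumulates: (rule, account) pairs
# known to be benign here, e.g. the vulnerability scanner's service account.
SUPPRESS = {("port_scan", "svc_vulnscan"), ("bulk_auth", "svc_backup")}
@dataclass
class Incident:
    host: str
    rules: set = field(default_factory=set)
    count: int = 0
    def severity(self) -> str:
        # Several distinct detections on one host outrank a lone repeat.
        return "high" if len(self.rules) >= 3 else "low"

def triage(events, window=600):
    """Drop suppressed false positives, collapse repeats of one (host, rule)
    inside `window` seconds, correlate the rest into one Incident per host."""
    suppressed = deduped = 0
    last_seen, incidents = {}, {}
    for e in sorted(events, key=lambda e: e.ts):
        if (e.rule, e.user) in SUPPRESS:
            suppressed += 1
            continue
        key = (e.host, e.rule)
        if key in last_seen and e.ts - last_seen[key] < window:
            deduped += 1          # same signal, still inside the window
        else:
            inc = incidents.setdefault(e.host, Incident(e.host))
            inc.rules.add(e.rule)
            inc.count += 1
        last_seen[key] = e.ts
    return incidents, suppressed, deduped

def sample_events():
    # Constructed feed: scanner noise, backup auth bursts, one brute force,
    # one multi-stage compromise on srv-db-01 and one isolated quarantine.
    ev = [Event(t, f"ws-{t % 20:02d}", "port_scan", "svc_vulnscan") for t in range(0, 2000, 10)]
    ev += [Event(t, "srv-file-01", "bulk_auth", "svc_backup") for t in range(0, 500, 10)]
    ev += [Event(t, "ws-12", "failed_login", "jdoe") for t in range(100, 400, 10)]
    ev += [Event(1000, "srv-db-01", "failed_login", "jdoe"),
           Event(1120, "srv-db-01", "new_admin_user", "jdoe"),
           Event(1240, "srv-db-01", "lateral_smb", "jdoe"),
           Event(1500, "ws-07", "malware_quarantine", "asmith")]
    return ev
```

On this sample, 284 raw events reduce to three incidents, of which only srv-db-01 (three distinct detections within a few minutes) is rated high.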

A lot is going on behind the scenes to deliver those results. Chief among these factors is the combined security intelligence and applied learning garnered from Trustwave’s global client engagements, including MDR, penetration tests, advanced threat hunts, digital forensics and incident response (DFIR), and more. It also includes primary threat intelligence research by the Trustwave SpiderLabs team.

Alert fatigue is all too real and only worsens as companies grow and scale. MDR offers a viable solution that helps your security team quickly home in on the most pressing issues while boosting your cyber defenses. Learn more at the Trustwave Managed Detection and Response page.
