Imagine trying to tackle over one million security alerts in a day. That number is so huge that it may sound like hyperbole, but this is exactly what many security teams face. Dealing with such a high volume of potential threats on a regular basis can quickly lead to alert fatigue. Sure, we expect an organization’s security operations center (SOC) to have certain protocols in place that will defend and protect against data breaches, but even the smartest systems still need skilled team members at the helm. And when vital team members are frustrated and exhausted, potential threats have an even greater chance of slipping through the system. During the RSA Conference 2018, Imperva surveyed 179 IT professionals to find out how different teams are dealing with this. Here’s what we found.
Working Through the Noise
A staggering 27 percent of IT professionals reported receiving more than one million threats daily, while 55 percent noted more than 10,000. While it is virtually impossible to respond to such an astronomical number, separating the actual threats from the false-positive alerts also presents a crucial problem. The majority of IT professionals (53 percent) noted that their organization's SOCs have struggled to pinpoint which security incidents are critical versus those that are just noise.
And what happens when the SOC has too many alerts for its analysts to process? In some cases, absolutely nothing. An alarming 30 percent of respondents admitted to having flat-out ignored certain categories of alerts, while 4 percent actually turn off the alert notifications altogether. On a slightly more positive note, 10 percent said that they hire additional SOC engineers to assist with these alerts, and 57 percent tune their policies to reduce alert volume.
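Policy tuning starts with measuring where the volume comes from. The script below is an added example, not part of Imperva's post or of any Imperva product: it runs over a small constructed alert feed (the timestamps, rule identifiers and IP addresses are all made up for illustration) and does the two things a SOC typically does first when it tunes: it reports which rules account for a disproportionate share of the day's alerts, and it collapses repeated firings of the same rule from the same source inside a time window into a single grouped item so the analyst queue reflects distinct events rather than raw event count.

```python
from collections import Counter
from dataclasses import dataclass
from datetime import datetime

# Constructed sample feed: (timestamp, rule_id, severity, source_ip).
# Rule names and addresses are invented for this example.
SAMPLE_ALERTS = [
    ("2018-04-17T09:00:00", "WAF-SQLI-001", "high", "203.0.113.5"),
    ("2018-04-17T09:00:05", "WAF-SQLI-001", "high", "203.0.113.5"),
    ("2018-04-17T09:00:09", "WAF-SQLI-001", "high", "203.0.113.5"),
    ("2018-04-17T09:01:00", "SCAN-UA-042", "low", "198.51.100.7"),
    ("2018-04-17T09:01:01", "SCAN-UA-042", "low", "198.51.100.8"),
    ("2018-04-17T09:01:02", "SCAN-UA-042", "low", "198.51.100.9"),
    ("2018-04-17T09:01:03", "SCAN-UA-042", "low", "198.51.100.10"),
    ("2018-04-17T09:01:04", "SCAN-UA-042", "low", "198.51.100.11"),
    ("2018-04-17T09:01:05", "SCAN-UA-042", "low", "198.51.100.12"),
    ("2018-04-17T09:30:00", "AUTH-BRUTE-007", "medium", "192.0.2.44"),
    ("2018-04-17T09:45:00", "WAF-SQLI-001", "high", "203.0.113.5"),
]

SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}


@dataclass(frozen=True)
class Alert:
    ts: datetime
    rule_id: str
    severity: str
    source_ip: str


def parse_alerts(rows):
    """Turn raw (ts, rule, severity, ip) tuples into Alert objects."""
    return [Alert(datetime.fromisoformat(ts), rule, sev, ip) for ts, rule, sev, ip in rows]


def noisy_rules(alerts, share_threshold=0.4):
    """Rules whose share of total volume exceeds share_threshold.

    Returns (rule_id, count, share) tuples, most frequent first. These are
    the first candidates for threshold changes or scoping in a tuning pass.
    """
    counts = Counter(a.rule_id for a in alerts)
    total = len(alerts)
    return [(rule, n, n / total) for rule, n in counts.most_common()
            if total and n / total > share_threshold]


def dedupe(alerts, window_seconds=600, key=lambda a: (a.rule_id, a.source_ip)):
    """Collapse repeats sharing the same key within a fixed window into one group.

    The window is measured from the first alert in the group, so a source that
    fires the same rule continuously still surfaces again once the window ends.
    """
    groups = []
    open_groups = {}  # key -> index of the group currently accepting repeats
    for a in sorted(alerts, key=lambda x: x.ts):
        k = key(a)
        idx = open_groups.get(k)
        if idx is not None and (a.ts - groups[idx]["first_seen"]).total_seconds() <= window_seconds:
            groups[idx]["count"] += 1
            groups[idx]["last_seen"] = a.ts
            continue
        groups.append({"key": k, "rule_id": a.rule_id, "severity": a.severity,
                       "first_seen": a.ts, "last_seen": a.ts, "count": 1})
        open_groups[k] = len(groups) - 1
    return groups


def triage_queue(groups):
    """Order grouped alerts by severity, then by repeat count, then by age."""
    return sorted(groups, key=lambda g: (SEVERITY_RANK.get(g["severity"], 99),
                                         -g["count"], g["first_seen"]))


if __name__ == "__main__":
    alerts = parse_alerts(SAMPLE_ALERTS)
    print(f"raw alerts: {len(alerts)}")
    for rule, n, share in noisy_rules(alerts):
        print(f"tuning candidate: {rule} ({n} alerts, {share:.0%} of volume)")
    for g in triage_queue(dedupe(alerts)):
        print(f"{g['severity']:>6} x{g['count']:<2} {g['rule_id']} from {g['key'][1]}")
```

Grouping by rule and source keeps one item per attacking source; passing `key=lambda a: a.rule_id` instead groups a distributed scan into one item, which is the trade-off an analyst makes between queue size and per-source visibility.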
Alert Fatigue Can Lead to Neglect
When security teams ignore alerts, it is not for lack of motivation; the volume of daily incidents and the frustrating number of false positives make it tempting to disregard future alerts. In our survey, 56 percent of IT professionals admitted to having ignored an alert based on past false-positive experiences. However, alerts that get brushed off can translate to insurmountable losses. Organizations lose money, SOC teams lose valuable time, and consumers are put at risk.
But even when the alerts do not turn out to be actual threats, they still cause problems for those dealing with them. The pace at which these alerts flood in daily inevitably creates a stressful and exhausting work environment for SOC team members. A telling 54 percent of respondents noted experiencing a high amount of stress and frustration, while just 6 percent said that they had no additional stress because of these incidents.
Combating Alert Fatigue
Security teams play an indispensable role in their organizations, and it is of no benefit to have so many members experiencing burnout. Companies need to not only be aware of alert fatigue and how it impacts their workers (and their bottom line), but they should also look to technology that uses artificial intelligence and machine learning for help with streamlining processes and reducing the noise created by security alerts.