As the global cybersecurity climate continues to heat up, so too does the alert fatigue that IT security professionals have to deal with.
A recent survey by Imperva reveals that nine percent of UK security teams battle with over five million alerts each week. Five million, just let that sink in for a minute.
We spoke to 185 security professionals at Infosecurity Europe; their responses revealed that nine percent of security professionals have to deal with over a million security alerts each day, leaving 22% feeling “stressed and frustrated.”
Fighting false positives
Our survey revealed that 63% of organizations often struggle to pinpoint which security incidents are critical, while 66% admitted they have ignored an alert due to a previous false-positive result.
Today’s security teams are on the receiving end of an avalanche of alerts. While many of these alerts are false positives, a large number flag critical events which, if ignored, could put an organization at serious risk. With IT security teams already spread thin, these alerts pile on additional pressure, which can become overwhelming.
The study also asked how many hours respondents spend every day dealing with security incidents, revealing that only 25% spend less than an hour, 31% spend between one and four hours, and 44% of security professionals admitted to spending over four hours every day dealing with security incidents.
Additionally, when respondents were asked what happens when the Security Operations Centre (SOC) has too many alerts for analysts to process, a worrying nine percent said they turn off alert notifications altogether. 23% of respondents said they ignore certain categories of alerts, 58% said they tune their policies to reduce alert volumes, and a lucky 10% said they hire more SOC engineers.
Not all businesses have the luxury to hire more staff when alert volume becomes too high, so Imperva has developed a solution which can help address this burden. Attack Analytics uses the power of artificial intelligence to automatically group, consolidate and analyze thousands of web application firewall (WAF) security alerts across different environments to identify the most critical security events. The solution combats security alert fatigue and allows security teams to easily identify the attacks that pose the highest risk.
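To make the grouping idea concrete, here is a small added example (not Imperva's Attack Analytics code) that consolidates raw WAF alerts sharing a source and attack category into incidents and ranks them by severity, volume and the number of environments hit. The CSV alert format, the site names and the scoring weights are constructed assumptions for illustration.

```python
"""Consolidate raw WAF alerts into ranked incidents (added example, not Imperva code)."""
from collections import defaultdict

# Constructed sample: one raw WAF alert per line: timestamp,site,src_ip,category,severity
RAW_ALERTS = """\
2019-06-05T10:00:01Z,shop.example,203.0.113.7,SQLi,high
2019-06-05T10:00:02Z,shop.example,203.0.113.7,SQLi,high
2019-06-05T10:00:03Z,shop.example,203.0.113.7,SQLi,high
2019-06-05T10:00:04Z,api.example,203.0.113.7,SQLi,high
2019-06-05T10:01:00Z,shop.example,198.51.100.2,bad-bot,low
2019-06-05T10:01:05Z,shop.example,198.51.100.3,bad-bot,low
2019-06-05T10:02:00Z,api.example,192.0.2.9,XSS,medium
2019-06-05T10:02:30Z,api.example,192.0.2.9,XSS,medium
"""

# Assumed severity weights; a real deployment would tune these per policy.
SEVERITY_WEIGHT = {"low": 1, "medium": 3, "high": 5}


def parse_alerts(text):
    """Turn the CSV lines into a list of alert dicts."""
    alerts = []
    for line in text.splitlines():
        ts, site, src, category, severity = line.split(",")
        alerts.append({"ts": ts, "site": site, "src": src,
                       "category": category, "severity": severity})
    return alerts


def consolidate(alerts):
    """Group alerts sharing source IP and attack category into one incident."""
    incidents = defaultdict(lambda: {"count": 0, "sites": set(), "severity": "low"})
    for a in alerts:
        inc = incidents[(a["src"], a["category"])]
        inc["count"] += 1
        inc["sites"].add(a["site"])          # distinct environments hit
        if SEVERITY_WEIGHT[a["severity"]] > SEVERITY_WEIGHT[inc["severity"]]:
            inc["severity"] = a["severity"]  # keep the worst severity seen
    return incidents


def rank_incidents(incidents):
    """Score = severity weight * alert count * environments hit; highest first."""
    ranked = []
    for (src, category), inc in incidents.items():
        score = SEVERITY_WEIGHT[inc["severity"]] * inc["count"] * len(inc["sites"])
        ranked.append({"src": src, "category": category, "count": inc["count"],
                       "sites": sorted(inc["sites"]), "score": score})
    return sorted(ranked, key=lambda r: r["score"], reverse=True)


if __name__ == "__main__":
    for r in rank_incidents(consolidate(parse_alerts(RAW_ALERTS))):
        print(r)
```

On the sample, eight raw alerts collapse into four incidents, and the multi-site SQL injection source rises to the top while the isolated bad-bot hits drop to the bottom of the queue.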