Alert overload and false positives still plague the cybersecurity industry

One of the biggest hindrances for cybersecurity practitioners everywhere is alert overload, a problem that was only exacerbated in 2020, according to a new report from CRITICALSTART.

Compared to 2019, 12 percent more IT pros now investigate between 10 and 20 alerts every day. The number of IT pros that investigate anywhere between 21 and 40 alerts a day also grew by 14 percent.

In many cases, the alerts are false positives. For the majority of the respondents, anywhere between 25 and 75 percent of alerts investigated turn out to be false positives.

To try and minimize the number of false alarms, almost half of SOC pros turn off high volume alerting features, especially when there are too many alerts to go through. This could result in the investigators missing legitimate issues.

Investigating the impact of Covid-19 on alert management, CRITICALSTART found that the pandemic only made the situation worse. For the majority of SOC professionals, alerts have increased in numbers since March 2020.

To improve the situation, most businesses are organizing additional education and training. The report found that almost all (95 percent) of SOC pros receive more than 10 hours of training each year.

Source link