Most organizations struggle to manage alerts and vulnerabilities. Here’s how to fix this



Responding to the latest threats is not easy, especially if your security team needs to manage 11,000 alerts per day.

A new ESG study from Kaspersky, SOC Modernization and the Role of XDR, was released earlier this week. It reveals that 70% of organizations are struggling to keep up with the volume of alerts generated by security analysis tools.

Still, it’s not just the proliferation of security alerts that keeps security teams busy. The number of vulnerabilities found is also overwhelming: 28,695 were discovered last year alone, too many to mitigate for even the most resource-rich security teams.

Given this huge number of vulnerabilities, it’s not surprising that 70% of security experts believe their vulnerability management programs are only somewhat effective, according to the latest NopSec report. So how can an organization address these challenges head-on?

Fixing the chaotic increase in alerts

For years, the large number of alerts generated by security tools in the Security Operations Center (SOC) has been one of the biggest challenges faced by security analysts.

Analysts are often pressed to monitor dozens of tools, each generating its own alerts. Only a few of these notifications are useful and related to active security incidents; many are simply false positives.

Studies show that 45% of daily security alerts are false positives, and that they consume so much time that 75% of companies report spending the same amount of time or more on false positives as on legitimate attacks.

When it comes to dealing with the chaotic increase in alerts, Sergey Solodatov, Head of SOC at Kaspersky, says enterprises need to use automation to optimize their detection and response processes.

“Automation at all stages of alert processing helps here,” says Solodatov. “For example, our SOC has a patented AI-powered auto-analyst that learns from the history of alerts processed by the team of SOC analysts.”

He states that the “auto-analyst” is the first line of Kaspersky’s SOC and has helped cut in half the number of false-positive alerts sent to the company’s SOC team for analysis.

“For the alerts that the SOC team does need to handle, we need to build tools for automated processing so that SOC analysts can investigate them conveniently and quickly, get the additional information they need, and visualize the stages of the attack,” says Solodatov.
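The first-line automation described above can be illustrated with a small triage filter. The code below is an added example, not Kaspersky’s auto-analyst or any vendor’s product: it learns per-rule false-positive rates from a constructed history of analyst dispositions, auto-closes a new alert only when that rule has enough history and analysts have overwhelmingly closed it as benign, and escalates everything else with a reason the analyst can read. The rule names, hosts and dispositions are all made up for the example.

```python
"""Added example: first-line alert triage learned from analyst history.
Not Kaspersky's auto-analyst; the rules, hosts and history are constructed."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Alert:
    alert_id: str
    rule: str   # detection rule that fired (constructed names)
    host: str


# Constructed history of analyst-closed alerts: (rule, disposition).
HISTORY = [
    ("av-pua-detected", "false_positive")] * 9 + [
    ("av-pua-detected", "true_positive"),
    ("lateral-smb-admin-share", "true_positive"),
    ("lateral-smb-admin-share", "true_positive"),
    ("lateral-smb-admin-share", "false_positive"),
    ("new-service-installed", "false_positive"),
]

# Constructed incoming queue; "c2-beacon-dns" has no history at all.
QUEUE = [
    Alert("a1", "av-pua-detected", "ws-17"),
    Alert("a2", "lateral-smb-admin-share", "srv-db-02"),
    Alert("a3", "new-service-installed", "ws-04"),
    Alert("a4", "c2-beacon-dns", "ws-09"),
]


def learn_fp_rates(history):
    """Count analyst dispositions per detection rule."""
    counts = defaultdict(lambda: {"fp": 0, "total": 0})
    for rule, disposition in history:
        counts[rule]["total"] += 1
        if disposition == "false_positive":
            counts[rule]["fp"] += 1
    return dict(counts)


def triage(alert, stats, min_support=5, auto_close_rate=0.85):
    """Decide 'auto_close' or 'escalate' for one alert.

    Auto-close requires both enough history (min_support) and a high
    historical false-positive rate; anything novel or ambiguous goes to a
    human, so the filter fails safe toward escalation."""
    s = stats.get(alert.rule)
    if s is None:
        return ("escalate", "no history for rule")
    if s["total"] < min_support:
        return ("escalate", f"insufficient history ({s['total']} < {min_support})")
    rate = s["fp"] / s["total"]
    if rate >= auto_close_rate:
        return ("auto_close", f"historical false-positive rate {rate:.2f}")
    return ("escalate", f"historical false-positive rate {rate:.2f}")


def process_queue(alerts, history):
    """Split a queue into (escalated, auto_closed) lists of (alert, reason)."""
    stats = learn_fp_rates(history)
    escalated, closed = [], []
    for alert in alerts:
        decision, reason = triage(alert, stats)
        (closed if decision == "auto_close" else escalated).append((alert, reason))
    return escalated, closed


if __name__ == "__main__":
    escalated, closed = process_queue(QUEUE, HISTORY)
    for alert, reason in closed:
        print(f"AUTO-CLOSED {alert.alert_id} {alert.rule}: {reason}")
    for alert, reason in escalated:
        print(f"ESCALATED   {alert.alert_id} {alert.rule}: {reason}")
```

Two design points matter in practice: auto-closed alerts should be retained and sampled for review rather than deleted, so that analyst overrides feed back into the history the filter learns from, and the thresholds (`min_support`, `auto_close_rate`) should be tuned per rule family, since a 90% false-positive rate on a noisy adware signature is a very different risk from 90% on a lateral-movement rule.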

Climbing the mountain of vulnerabilities

When trying to address an ever-growing number of security vulnerabilities, the answer for businesses may be risk-based prioritization.

One of the key findings from NopSec’s report is that 58% of experts say they do not use a risk-based rating system to prioritize vulnerabilities. These organizations have inefficient vulnerability management processes that fail to secure high-risk vulnerabilities first.

“In reality, most organizations are drowning in vulnerability overload. Too many vulnerabilities, inadequate context, and lack of staff can lead to these ineffective programs,” said Lisa Xu, CEO of NopSec.

“Without the right kind of tools to provide real-world context and understand the thousands of vulnerabilities that plague organizations, the battle is lost from the beginning,” Xu said.

For Xu, the answer is for organizations to use vulnerability management solutions with risk assessment, which gather more detailed context on the severity of the vulnerabilities that exist throughout the environment.

This allows security teams to prioritize fixing critical vulnerabilities first, rather than patching systems on an ad hoc basis.
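To make the difference between severity-only and risk-based prioritization concrete, here is an added example that is not NopSec’s scoring model or any product’s: it ranks a constructed set of findings once by CVSS base score alone and once by a risk score that folds in the environmental context the article mentions (asset criticality, internet exposure, known exploitation). The vulnerability identifiers, asset names and weights are placeholders chosen for the illustration.

```python
"""Added example: severity-only versus risk-based vulnerability ordering.
Not NopSec's model; identifiers, assets and weights are constructed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    vuln_id: str             # placeholder ids, not real CVE numbers
    asset: str
    cvss: float              # base severity, 0.0-10.0
    asset_criticality: int   # 1 (isolated lab box) .. 5 (crown jewel)
    internet_facing: bool
    exploited_in_wild: bool  # e.g. listed as known-exploited by a feed


# Constructed findings: a "critical" CVSS score on a throwaway lab VM,
# and a lower-scored but exploited, internet-facing flaw on a payment system.
FINDINGS = [
    Finding("VULN-A", "lab-vm-07", 9.8, 1, False, False),
    Finding("VULN-B", "payments-api-01", 7.5, 5, True, True),
    Finding("VULN-C", "hr-portal", 8.1, 4, True, False),
    Finding("VULN-D", "intranet-wiki", 5.3, 2, False, False),
]


def risk_score(f):
    """Scale base severity by business criticality, exposure and exploitation.

    Weights are illustrative: criticality scales linearly, non-exposed assets
    are halved, and in-the-wild exploitation adds a 1.5x multiplier."""
    exposure = 1.0 if f.internet_facing else 0.5
    exploit = 1.5 if f.exploited_in_wild else 1.0
    return round(f.cvss * (f.asset_criticality / 5) * exposure * exploit, 2)


def prioritize_by_severity(findings):
    """Ad hoc ordering: highest CVSS first, context ignored."""
    return [f.vuln_id for f in sorted(findings, key=lambda f: f.cvss, reverse=True)]


def prioritize_by_risk(findings):
    """Risk-based ordering: highest contextual risk first."""
    return [f.vuln_id for f in sorted(findings, key=risk_score, reverse=True)]


def patch_plan(findings, capacity):
    """The findings a team with `capacity` remediation slots should fix first."""
    return prioritize_by_risk(findings)[:capacity]


if __name__ == "__main__":
    print("by severity:", prioritize_by_severity(FINDINGS))
    print("by risk:    ", prioritize_by_risk(FINDINGS))
    for f in FINDINGS:
        print(f"{f.vuln_id} on {f.asset}: cvss={f.cvss} risk={risk_score(f)}")
    print("this sprint:", patch_plan(FINDINGS, capacity=2))
```

The point the example makes is that with limited capacity, severity-only ordering would spend the first slot on the lab VM, while the risk-based ordering puts the exploited, internet-facing payment system first. The specific multipliers are not the important part; what matters is that the inputs (criticality, exposure, exploitation status) come from asset inventory and threat intelligence rather than from the scanner alone.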

Take SOC operations to the next level

Whether managing alerts or vulnerabilities, security teams are keen to pursue operational excellence. In practice, this means not only actively mitigating and eliminating entry points into the environment, but also securing the intelligence and visibility needed to identify intrusions.

Kaspersky recommends that organizations run SOC work in shifts to distribute tasks, avoid overworking staff and reduce the likelihood of burnout.

At the same time, organizations are encouraged to deploy threat intelligence services that provide low-maintenance intelligence feeds integrating with existing security tools such as security information and event management (SIEM) systems. This gives a clearer picture of the threat landscape and automates the triage process.

Then, combine these measures with managed detection and response (MDR) or extended detection and response (XDR) services to ensure that your organization can respond quickly to live incidents.

After all, the answer to alerts and the chaotic spread of vulnerabilities is to work smart, not hard.
