Burdened by False Positives, Security Analysts Report Increased Stress Created by Security Automation Tools

CPO Magazine – Scott Ikeda
According to a new report from IDC and FireEye, security analysts report significantly increased stress on the job, driven by the fear of missing alerts. The central issue is the increased number of false positives generated by security automation software, leading to "alert fatigue" among the security team: each alert could represent a devastating threat, yet there is not enough time to manually address them all.

The report finds that 45% of the thousands of alerts that security analysts receive daily are false positives, and unsurprisingly 35% of the organizations surveyed report that they are ignoring some of them when queues get too full. This is not due to a lack of diligence, however; almost 75% of the security analysts surveyed say that they worry about missing an incident due to failure to respond to an alarm, and 25% say that they worry "a lot" about this possibility. A Ponemon Institute study suggests that the average cost of a mishandled incident is about $3.86 million. Only 8% of respondents reported not worrying at all about missed alerts.

Only 30% of organizations say that they have recruited more security analysts in response to the increased volume of alerts generated by security automation tools. And only about 50% have added machine learning tools that automatically investigate alerts to the organization's deck of security measures.

Service providers find that 53% of their alerts turn out to be false positives, as compared to 45% for IT security managers and analysts. Service providers are most concerned about automating internal and external reporting (28%) and alert response (11%). IT security analysts would prefer to automate detection measures (18%) and triage (9%).

FireEye sees an expanded scope of security automation, to include alert screening and response, as increasingly becoming a necessary norm rather than an optional luxury. Even if false positives can be entirely weeded out by a good machine learning tool, the number of legitimate cyber attack attempts has soared with the changes brought on by the Covid-19 pandemic.
Link: https://www.cpomagazine.com/cyber-security/burdened-by-false-positives-security-analysts-report-increased-stress-created-by-security-automation-tools/

