Page 26 - Cyber Defense eMagazine Special RSA Conference Annual Edition for 2022
As we start to emerge from the pandemic, security infrastructure isn’t getting any simpler and alert volumes aren’t getting any easier to manage.
According to a recent survey of nearly 400 security operations professionals (commissioned by Siemplify), 42% report that their alert volumes are higher now than before the pandemic, while 51% say investigating suspicious activities has become a much bigger challenge in remote and hybrid environments.
Unfortunately, a number of factors threaten to add to the problem of alert fatigue in the near term. These include, but are not limited to, the normalization of remote and mobile workforces, the rise of state-sponsored malware and hacks related to Russia’s invasion of Ukraine, and easy access to and automation of sophisticated hacking tools. At the same time, entire classes of threats are on the rise, including critical infrastructure attacks, ransomware, cloud storage leaks, and business email compromise (BEC) attacks.
Thus, the volume of alerts will continue to rise, and so too will the probability that your security team will eventually miss something critical, leading to a hack, a costly data breach, or some other negative outcome.
Unfortunately, another thing on the rise in parallel to alert overload is the cost of those negative outcomes. For instance, IBM and the Ponemon Institute’s annual “Cost of a Data Breach Report” found that the cost of an average data breach rose from $3.86 million in 2020 to $4.24 million in 2021, the highest average total cost in the 17-year history of the report.
How Microsoft Tackles Alert Fatigue
One shortcut to reducing alert fatigue is through vendor consolidation. For instance, for those organizations already dependent on Microsoft productivity tools and Azure Cloud, it makes sense to consolidate on that platform.
Soon after investing heavily in its Azure cloud platform, Microsoft also saw the need to tightly integrate security into its cloud stack, rather than layering it on afterwards. Thus, in recent years, Microsoft has invested $1 billion in security development, and its investment has already earned recognition from top-tier industry analysts. For instance, research firm Gartner lists Microsoft as a “leader” in a number of its Magic Quadrant reports, including endpoint protection, access management, CASB, and more.
Microsoft has also mapped out a strategy to avoid alert fatigue, a strategy that can help your organization regain control over alert flows.
Microsoft recommends adopting technologies such as Artificial Intelligence (AI) and Machine Learning (ML) to help find signal in the alert noise. Organizations should automate as many error-prone, repetitive tasks as possible in their SOCs, maintain up-to-date watch lists to prioritize activities from known bad actors, and adopt cloud-native solutions for better integration.
For organizations already struggling with limited IT resources, however, there are a few other steps you can follow to mitigate alert fatigue. The seven steps outlined below will help your organization alleviate