Page 27 - Cyber Defense eMagazine Special RSA Conference Annual Edition for 2022
P. 27
alert fatigue in a way that should align with initiatives already underway, such as digital transformation
and cloud migration.
7 Ways to Mitigate Alert Fatigue
1. Consolidate security tools and vendors
Managing multiple security tools from multiple vendors becomes much easier if you take a platform
approach to security and then build on that platform with best-in-class tools from the same vendor and/or
its vetted partners.
At my company Difenda, we decided to build our SecOps-as-a-Service around Microsoft security tools
not only because so many of them are best in class, but also because we believe that a consolidated
security approach is the only way to keep ahead of the problems created by an increasingly complex
threat environment.
Consolidated security stacks from single vendors and their certified partners will provide you with a unified
dashboard that makes it easier to correlate various alerts, while also making it less likely that
interoperability will undermine your defenses.
2. Integrate that which cannot be consolidated
Whatever vendor you decide to use as the foundation of your security stack – Microsoft or otherwise –
should be one with robust protections against a range of threats that also integrates easily with other
tools, offering your organization an easy way to pull other alerts from third-party tools into a unified
dashboard. Ideally, AI or ML capabilities will then automatically correlate those alerts with those from the
rest of your security stack.
Look for certified partners who have been tested for interoperability, and in the rare cases you need
something from outside of that ecosystem, be sure that the security tool offers open APIs. Before adopting
any new tools, it’s also a good idea to research what existing users have to say about “vendor lock” and
“lack of integration” before you commit to any new security vendors.
3. Embrace continuous security improvements
The core tenets of the agile software development movement apply equally well to security, especially
when it comes to reducing alert fatigue: prioritize individuals over tools, iterate quickly, receive and act
on real-world feedback quickly, and more.
One core tenet of agile is especially important for security: continuous improvement.
The security threat landscape and tools monitoring it will never stop evolving, so organizations will need
to adopt processes that enable them to adapt quickly to stay ahead of the threat curve.
27