Six best practices for managing cyber alerts
Security professionals know that the number of cyber alerts is growing at a frantic pace. Even a mid-sized company can face tens of thousands of alerts every month. As the 2011 Target breach demonstrated, failing to investigate alerts adequately and responding to them effectively can have serious consequences for a business as well as its customers.
Ignoring alerts is not an option, so how can busy professionals help their staff members manage the increasing volume without jeopardizing the security of the organization? Here is a list of six best practices that can help.
1. Automate, collaborate and streamline responses
By automating responses to routine issues, security analysts have more time to devote to priority issues that present the most risk to the company. Security analysts are then free to focus on keeping the company secure rather than manually processing tickets, assigning them and tracking progress.
Automating collaboration allows senior staff members to provide additional training to new hires in a relaxed, productive manner. Bottom line: All staff members become more efficient with automation and collaboration.
2. Guard against employee fatigue
Every day, three staff members face 300 or more alerts, according to a study by the industry analyst firm IDC. The study also found that 500 hours per month were spent responding to alarms at more than 35 percent of the respondents’ companies. In short, security professionals are exhausted, giving hackers an unfair advantage.
Hiring more security staff is not always a solution. Instead, a well-organized team focused on priority issues ensures the least amount of burn-out. For smaller companies, partnering with an outside managed security services provider may be the best approach.
3. Harness the power of big data for behavioral analytics
Analytics that detect suspicious activity without assigning priorities are yielding to behavioral analytics that use historical data to determine what is normal for the company.
4. Develop an incident response plan and keep it updated
Be sure to include procedures for handling false positives, duplicates, and assigning alerts to staff members for evaluation and tracking progress. Automation saves significant time in these areas, but the plan should also define the types of incidents to be handled by key personnel.
5. Automate the common analysis of logged activity
An alert may not signify an infection. But, the only way to know if a device is infected is to correlate the alert with additional logged activity and look at other sources of information like threat feeds. By the time the step has been handled manually, the infection could worsen. Automating this step alone could save many hours of work for every alert handled by a staff member.
6. Remember the human factor
Experts estimate that 95 percent of all data breaches can be attributed to human error or recklessness. Ensuring that users are properly trained on security measures may help reduce the number of alerts. However, it’s also crucial that staff members receive proper training that stresses the importance of investigating all alerts. Security experts who feel overworked and unappreciated may develop a belief that they only need to investigate a small part of the alerts to fulfill their obligations.
Hackers will always be on the cutting edge of technology. And attacks will continue to increase across all organizations, both large and small. Therefore, developing an effective strategy for handling alerts will ensure future scalability when dealing with the volume generated.