Thursday, February 9, 2023
LetsAskBinu.com
XDR and the Age-old Problem of Alert Fatigue

January 7, 2023
in Cybersecurity


XDR’s fully loaded value to threat detection, investigation and response will only be realized when it is viewed as an architecture

According to 451 Research’s M&A Knowledgebase, cybersecurity M&A activity in 2021 reached an all-time high total deal value of $74.1 billion. Contributing to that growth, extended detection and response (XDR) went from zero to 28 deals in 19 months and is expected to drive continued M&A activity, with good reason. Extending its research into XDR, 451 Research recently found that XDR is now the most frequently reported area of augmentation to SIEM/security analytics with 43% of respondents citing it as the top technology to combine with these core security operations technologies. 

Augmentation is the key word. The SIEM is already aggregating logs and events from different tools and creating its own alerts. Augmenting with XDR to gain broader visibility across the enterprise is a good thing because bad guys use gaps to their advantage. But the unintended consequence is that the number of alerts is increasing by an order of magnitude. It’s not surprising then, that these survey respondents also say they still struggle with alert overload; on a typical day, 48% of alerts go uninvestigated, up from 41% in the prior year’s survey. Alert fatigue has plagued security analysts for years. Adding more detections in more areas exacerbates the problem. 

To reverse the trend, we need to think about XDR as an architectural approach, not a solution. When XDR is defined as an open platform focused on integration and automation, analysts can quickly connect the dots, understand what's happening across their environment and determine whether an alert should be escalated to incident response.

First Things First: Integration. 

An XDR architecture must support integration with any tool the enterprise has, including all internal data sources – the SIEM system, log management repository, case management system and security infrastructure – on-premises and in the cloud. It must also integrate with the multiple external data sources organizations subscribe to – commercial, open source, government, industry and existing security vendors – as well as with frameworks like MITRE ATT&CK. Integration with RSS feeds, research blogs, news websites and GitHub repositories helps analysts keep up with new information that provides additional context to further inform alert triage.

In addition to enabling data flow and enrichment with context, integration also breaks down the silos teams operate within so they can see the big picture of what is truly happening across the environment and investigate further. Integration with and across existing tools enables visibility, collaboration and deeper understanding. Teams can work together using tools they are already comfortable with to make better decisions faster.

Automation Comes Next.

Integration is a core attribute of an XDR architecture. But the ability to bring data together and break down silos is not enough. Automation is also required because analysts simply can’t make sense of all this data on their own. Yet, while a global survey (PDF) found that confidence in security automation is rising, only 18% of respondents are applying automation to alert triage. This is a missed opportunity because the repetitive, low-risk, time-consuming tasks of alert triage – like internal and external data normalization, correlation, contextualization, and prioritization – are prime candidates for automation. 

Automation simplifies the work of alert triage by reducing noise and false positives and enabling teams to quickly tap into the richness of all available data to get a comprehensive view of what is going on. Based on parameters they set, teams can get to the alerts that matter faster and, thanks to integration, relevant data can be presented on a single screen so it’s easier and faster for analysts to conduct investigations, detect malicious activity across the enterprise and accelerate resolution.
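The integration and automation steps described above (normalization, correlation, contextualization, prioritization), as an added illustration that is not code from the article or from any vendor: two tools report overlapping alerts in different schemas, and the pipeline collapses them into a single ranked queue. All alert records, the threat-intel entry and the asset inventory are constructed sample data, and the scoring weights are an assumption chosen for the example.

```python
from collections import defaultdict

# Constructed sample alerts (not real data): one PowerShell event seen by both SIEM and XDR, plus two more.
RAW_ALERTS = [
    {"src": "siem", "rule": "Suspicious PowerShell", "hostname": "WS-042",
     "sev": "high", "tech": "T1059.001", "ioc": "10.0.0.7"},
    {"src": "xdr", "alert_name": "PowerShell encoded command", "host": "ws-042.corp",
     "severity": 8, "attack_id": "T1059.001", "indicator": "10.0.0.7"},
    {"src": "siem", "rule": "Failed logon", "hostname": "WS-019",
     "sev": "low", "tech": "T1110", "ioc": None},
    {"src": "xdr", "alert_name": "Outbound to known C2", "host": "ws-042.corp",
     "severity": 9, "attack_id": "T1071", "indicator": "203.0.113.5"},
]
THREAT_INTEL = {"203.0.113.5": "known C2 (constructed feed entry)"}  # external context
ASSET_CRITICALITY = {"ws-042": 3, "ws-019": 1}  # internal context: 1 = low value, 3 = critical
SEV_MAP = {"low": 3, "medium": 5, "high": 8, "critical": 10}  # SIEM labels -> XDR-style 1-10 scale

def normalize(a):
    """Map each tool's schema onto one common record (short lower-case hostname, numeric severity)."""
    if a["src"] == "siem":
        return {"source": "siem", "host": a["hostname"].lower(), "severity": SEV_MAP[a["sev"]],
                "technique": a["tech"], "indicator": a["ioc"]}
    return {"source": "xdr", "host": a["host"].split(".")[0].lower(), "severity": int(a["severity"]),
            "technique": a["attack_id"], "indicator": a["indicator"]}

def correlate(alerts):
    """Group by (host, ATT&CK technique): one activity seen by two tools becomes one work item."""
    groups = defaultdict(list)
    for a in alerts:
        groups[(a["host"], a["technique"])].append(a)
    return groups

def contextualize(group):
    """Attach intel hits for the group's indicators and the criticality of the affected host."""
    return {"intel": [THREAT_INTEL[i] for i in {a["indicator"] for a in group} if i in THREAT_INTEL],
            "criticality": ASSET_CRITICALITY.get(group[0]["host"], 1)}

def prioritize(group, ctx):
    """Highest severity weighted by asset criticality, +5 per extra corroborating tool, +10 per intel hit."""
    return (max(a["severity"] for a in group) * ctx["criticality"]
            + 5 * (len({a["source"] for a in group}) - 1) + 10 * len(ctx["intel"]))

def triage(raw):
    """Normalize -> correlate -> contextualize -> prioritize; returns a ranked queue of work items."""
    queue = []
    for (host, technique), group in correlate([normalize(a) for a in raw]).items():
        ctx = contextualize(group)
        queue.append({"host": host, "technique": technique, "intel": ctx["intel"],
                      "sources": sorted({a["source"] for a in group}), "score": prioritize(group, ctx)})
    return sorted(queue, key=lambda item: item["score"], reverse=True)
```

Four raw alerts become three work items: the duplicated PowerShell detection is merged and credited for corroboration, the intel-backed C2 connection on the critical host ranks first, and the lone failed logon drops to the bottom of the queue.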

XDR seems destined to be core to security infrastructure for the foreseeable future. But its fully loaded value to threat detection, investigation and response will only be realized when it is viewed as an architecture. Otherwise, it’s just one more tool that adds to the volume of alerts we couldn’t handle before, and does not break down silos and enable collaboration, decision-making and response across the organization. That’s certainly not the consequence anyone intended for XDR and there’s too much at stake to let that happen.


Marc Solomon is Chief Marketing Officer at ThreatQuotient. He has a strong track record driving growth and building teams for fast growing security companies, resulting in several successful liquidity events. Prior to ThreatQuotient he served as VP of Security Marketing for Cisco following its $2.7 billion acquisition of Sourcefire. While at Sourcefire, Marc served as CMO and SVP of Products. He has also held leadership positions at Fiberlink MaaS360 (acquired by IBM), McAfee (acquired by Intel), Everdream (acquired by Dell), Deloitte Consulting and HP. Marc also serves as an Advisor to a number of technology companies, including Valtix.

