Most organizations struggle to manage alerts and vulnerabilities: here’s how to fix it

We’re excited to bring Transform 2022 back in person on July 19 and pretty much July 20-28. Join AI and data leaders for insightful conversations and exciting networking opportunities. Register today!

Keeping up with modern threats isn’t easy, especially when your security team has to manage 11,000 alerts per day.

A new ESG study from Kaspersky, titled SOC Modernization and the Role of XDR, was published earlier this week and revealed that 70% of organizations struggle to keep up with the amount of alerts generated by security analytics tools.

Still, it’s not just the explosion of security alerts that hinders the productivity of security teams. It’s also the number of vulnerabilities discovered that is overwhelming – with 28,695 discovered last year alone – a number too high for even the most well-equipped security team to reduce.

In light of such a large number of emerging vulnerabilities, it’s no surprise that NopSec’s latest report shows that 70% of security professionals believe their vulnerability management program is only somewhat effective. So, how can organizations directly address these challenges?

Fix Warning Spread

For years, the sheer volume of alerts generated by security tools in the Security Operation Center (SOC) remained one of the biggest pain points security analysts face.

Analysts are often pressured to monitor dozens of tools, all of which generate their own unique alerts. Only a small fraction of these reports are useful and relate to active security incidents, while many are simply false positives.

Also Check:   FBR uploads income tax return forms for tax year 2022

Research shows that 45% of all daily security alerts are false positives, taking up so many contact hours that 75% of enterprises report that their organization spends as much or more time on false positives than on legitimate attacks.

When it comes to tackling alert proliferation, Sergey Solodatov, head of SOC at Kaspersky, says companies should use automation to optimize their detection and response processes.

“Automation at all stages of alert processing will help here,” Solodatov said. “For example, at our SOC we have a patented AI-powered auto analyst that learns from an analysis of the history of alerts processed by the SOC analyst team.”

He notes that the “automotive analyst” is the first line of Kaspersky’s SOC, which has helped halve the number of false positives sent to the company’s SOC team for analysis.

“For alerts to be processed by the SOC team, it is necessary to create tools for their automated processing, so that the SOC analyst can easily and quickly investigate the alert: quickly obtain the necessary additional information and visualization of attack phases”, said Solodatov.

Also Check:   Despite not having a senior ed academy, Gilkey is optimistic about the state's staffing gap closing

Climbing the mountain of vulnerabilities

When trying to keep up with the growing number of security vulnerabilities, the answer for enterprises may lie in risk-based priorities.

One of the key findings from NopSec’s report was that 58% of professionals say they do not use a risk-based rating system to prioritize vulnerabilities. These organizations have inefficient vulnerability management processes that fail to secure high-risk vulnerabilities first.

“The reality is that most organizations are drowning in an overload of vulnerabilities. Too many vulnerabilities, too little context and too little manpower lead to these ineffective programs,” said Lisa Xu, CEO of NopSec.

“Without the right kind of tool to provide real context and understand the thousands of vulnerabilities plaguing organizations, the battle is lost from the start,” said Xu.

For Xu, the answer is that organizations need to gather more context about the severity of the vulnerabilities present in their environment through the use of vulnerability management solutions with risk ratings.

This way, security teams can prioritize fixing critical vulnerabilities first, rather than patching systems on an ad hoc basis.

Taking SOC operations to the next level

Whether it’s managing alerts or vulnerabilities, across the board there is a strong need for security teams to pursue operational excellence. In practice, that means not only proactively mitigating and eliminating entry points to their environments, but also ensuring they have the intelligence and visibility necessary to detect intrusions.

Also Check:   Falling international fuel prices to lower inflation in Pakistan: Miftah Ismail

Kaspersky recommends that organizations encourage security teams to work in shifts in the SOC to avoid staff overload and division of tasks to reduce the risk of burnout.

At the same time, the organization recommends deploying threat intelligence services that provide low-maintenance intelligence feeds that integrate with existing security tools such as security information and event management systems (SIEM). This provides greater visibility into the threat landscape and helps automate the triage process.

These measures can then be combined with managed detection and response services (MDR) or comprehensive detection and response services (XDR) to ensure the organization has the processes in place to respond quickly to live incidents.

Ultimately, the answer to the sprawl of alertness and vulnerability is to work smarter instead of harder.

VentureBeat’s mission is to be a digital city square for tech decision makers to learn about transformative business technology and transactions. Learn more about membership.

This post Most organizations struggle to manage alerts and vulnerabilities: here’s how to fix it

was original published at “https://venturebeat.com/2022/07/01/manage-alerts-vulnerabilities/”

Leave a Comment