How to Manage ‘Alert Fatigue’ in Cloud Security
What is ‘alert fatigue’?
Alert fatigue is a common problem for cybersecurity professionals. Security teams receive an average of 174,000 alerts every week, and must sift through them to eliminate duplicates, prioritize what remains, and track each alert to closure so that data security is maintained [1].
The sheer volume of alerts means that resources are stretched too thin to address security issues effectively as they arise. 79% of survey respondents said that the mean time to respond (MTTR) to a security issue is over 4 days, due in large part to a lack of qualified personnel available to handle security alerts when they occur.
Because of this, organizations are often tempted to invest in security tools or software that promise to help with alert fatigue. Enterprises maintain an average of 19 different security tools, which often, instead of helping to resolve alert fatigue, add to the problem by reporting the same condition several times over [2]. In fact, 71% of IT professionals report that the time they spend managing security tool sprawl detracts from their ability to solve security issues effectively.
The lift-and-shift method of cloud adoption has also contributed to the number of security vendors engaged by a business. Often, when an application was migrated to the cloud, the security solution that had served it on-premises was migrated alongside it, and it can be difficult to dedicate resources to re-evaluating solutions that are already in place.
How can organizations combat alert fatigue?
To combat alert fatigue, businesses need to invest in a security solution that is comprehensive, specific, and contextual. Comprehensive, so that the same finding is not raised separately by several overlapping tools, which is what drives alert volume higher, and so that vendor sprawl stops channelling resources away from critical security issues. Specific, so that issues are easily sorted into distinct priority levels and the most urgent problems are addressed first. And contextual, so that security teams can judge each issue in light of the environment it sits in (which account, which workload, how exposed) rather than in isolation.
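The three properties above map onto a concrete pipeline: normalise alerts from different tools into one schema, collapse duplicates that describe the same condition on the same resource, and rank what remains by severity plus asset context. The Python below is an added illustration of that pipeline, not code from the original page or from any vendor's product; the tool names (`cspm-a`, `cspm-b`), their field layouts, the rule names, the scoring weights and the asset inventory are all constructed for the example.

```python
"""Added example: normalise alerts from two hypothetical tools, collapse
duplicates, and rank the remaining findings by severity plus asset context.
Tool names, schemas, rule names, weights and the inventory are constructed."""
import hashlib
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Constructed sample alerts. The two tools use different field names and
# different severity scales, as overlapping products usually do.
TOOL_A_ALERTS = [
    {"tool": "cspm-a", "rule": "S3_BUCKET_PUBLIC", "resource": "arn:aws:s3:::prod-logs",
     "severity": "HIGH", "ts": "2024-05-01T10:00:00"},
    {"tool": "cspm-a", "rule": "S3_BUCKET_PUBLIC", "resource": "arn:aws:s3:::prod-logs",
     "severity": "HIGH", "ts": "2024-05-01T10:05:00"},   # same finding re-emitted on the next scan
    {"tool": "cspm-a", "rule": "SG_OPEN_SSH", "resource": "sg-0abc",
     "severity": "MEDIUM", "ts": "2024-05-01T10:07:00"},
]
TOOL_B_ALERTS = [
    {"source": "cspm-b", "finding_type": "PublicBucket", "target": "arn:aws:s3:::prod-logs",
     "risk": 8, "time": "2024-05-01T10:02:00"},           # second tool reporting the same bucket
    {"source": "cspm-b", "finding_type": "RootKeyUsed", "target": "arn:aws:iam::123456789012:root",
     "risk": 9, "time": "2024-05-01T10:08:00"},
]

SEVERITY_WORDS = {"LOW": 3, "MEDIUM": 5, "HIGH": 7, "CRITICAL": 9}   # tool A words -> 1..10

# Each tool's rule identifier is mapped onto a shared "family" so that the same
# condition reported by two products collapses into one finding.
RULE_FAMILY = {
    "S3_BUCKET_PUBLIC": "public-storage",
    "PublicBucket": "public-storage",
    "SG_OPEN_SSH": "open-admin-port",
    "RootKeyUsed": "root-credential-use",
}

# Constructed asset inventory: the context a raw alert does not carry.
INVENTORY = {
    "arn:aws:s3:::prod-logs": {"env": "prod", "internet_exposed": True, "data_class": "confidential"},
    "sg-0abc": {"env": "dev", "internet_exposed": True},
    "arn:aws:iam::123456789012:root": {"env": "prod", "privileged": True},
}

DEDUP_WINDOW = timedelta(hours=24)   # repeats inside this window are the same finding


@dataclass
class Alert:
    family: str
    resource: str
    severity: int        # normalised to 1..10
    source: str
    seen_at: datetime


@dataclass
class Finding:
    family: str
    resource: str
    severity: int
    first_seen: datetime
    count: int = 1
    sources: list = field(default_factory=list)
    priority: int = 0


def normalise_tool_a(raw):
    return Alert(RULE_FAMILY[raw["rule"]], raw["resource"], SEVERITY_WORDS[raw["severity"]],
                 raw["tool"], datetime.fromisoformat(raw["ts"]))


def normalise_tool_b(raw):
    return Alert(RULE_FAMILY[raw["finding_type"]], raw["target"], int(raw["risk"]),
                 raw["source"], datetime.fromisoformat(raw["time"]))


def fingerprint(alert):
    # Same condition on the same resource -> same fingerprint, whichever tool saw it.
    return hashlib.sha256(f"{alert.family}|{alert.resource}".encode()).hexdigest()


def deduplicate(alerts):
    """Collapse alerts sharing a fingerprint within DEDUP_WINDOW into one finding."""
    open_findings, closed = {}, []
    for a in sorted(alerts, key=lambda x: x.seen_at):
        key = fingerprint(a)
        f = open_findings.get(key)
        if f is not None and a.seen_at - f.first_seen <= DEDUP_WINDOW:
            f.count += 1
            f.severity = max(f.severity, a.severity)   # keep the harshest rating
            if a.source not in f.sources:
                f.sources.append(a.source)
            continue
        if f is not None:
            closed.append(f)   # window elapsed: a recurrence is a new finding
        open_findings[key] = Finding(a.family, a.resource, a.severity, a.seen_at, sources=[a.source])
    return closed + list(open_findings.values())


def prioritise(findings):
    """Severity plus context bonuses; weights are assumptions for the example."""
    for f in findings:
        ctx = INVENTORY.get(f.resource, {})
        score = f.severity
        if ctx.get("env") == "prod":
            score += 2
        if ctx.get("internet_exposed"):
            score += 2
        if ctx.get("privileged"):
            score += 3
        if ctx.get("data_class") == "confidential":
            score += 1
        f.priority = score
    return sorted(findings, key=lambda x: x.priority, reverse=True)


def triage(tool_a_raw, tool_b_raw):
    alerts = [normalise_tool_a(r) for r in tool_a_raw] + [normalise_tool_b(r) for r in tool_b_raw]
    return prioritise(deduplicate(alerts))


if __name__ == "__main__":
    for f in triage(TOOL_A_ALERTS, TOOL_B_ALERTS):
        print(f"{f.priority:>3}  {f.family:<22} {f.resource:<40} x{f.count} via {','.join(f.sources)}")
```

Run as-is, the five raw alerts reduce to three findings: the root-credential finding ranks first because the inventory marks that identity as privileged and production, the public bucket second with a count of 3 and both tools listed as sources, and the open SSH group last because it sits in a dev environment. The point a practitioner should take from it is that the deduplication key and the context bonuses, not the raw severity labels, are what determine the queue an analyst actually works.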
“Traditionally, security teams would employ an agent that would have to be installed on every instance separately. But the exponential growth of the cloud made agent-based security solutions challenging to monitor and maintain.”
Alert fatigue is a serious problem for security teams, lengthening backlogs, raising stress, and stretching already insufficient resources further. To combat it, and to prepare for future cloud growth, look for a solution that not only helps eliminate security vulnerabilities but also reduces the overall number of alerts and provides a method for prioritizing the rest.
[1] https://www.infosecurity-magazine.com/news/174000-alerts-per-week-besiege/
[2] https://www.helpnetsecurity.com/2021/03/22/security-tools-increase/