Illustrating the Cybersecurity Alert Deluge [infographic]


A false positive is a cybersecurity alert that suggests an incident is underway when none actually exists.  A trivial true positive, by comparison, is an alert that correctly describes what happened but carries no real security consequence, such as a signature firing on an exploit attempt against a host that never answered or was never vulnerable.

Which one is worse?  In the grand scheme it may not matter: both consume the finite time and staff a security operations center (SOC) has to triage, prioritize and investigate the deluge of alerts.

As the infographic nearby illustrates, many SOCs face an overwhelming volume of cybersecurity alerts.  One study found larger enterprises encounter “1.3 million vulnerabilities every 30 days” and “64% of threat alerts are not addressed each day.”

Another study found more than half of security pros “are forced to ignore security alerts worthy of further investigation because they don’t have the staff and expertise to handle them.”

This is a long-standing problem in cybersecurity, and it is compounded in large organizations that run multiple security tools which do not integrate or share data with one another, yet each contribute its own stream to the alert deluge.

At Bricata, we believe the answer rests in understanding the context of a security alert. This means looking at a threat from multiple perspectives, for example by enriching each alert with network metadata (who connected to what, whether the connection was ever answered, how much data moved) so the SOC can judge the behavior behind the alert rather than the signature alone.
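As an added illustration of that enrichment idea (example code written for this page, not Bricata's product or any code from the original post), the script below takes a batch of IDS alerts, collapses duplicates that repeat the same signature for the same source, destination and port, and then joins each group with Zeek-style connection metadata. The heuristic it applies is an assumption for the example: an alert whose underlying connection was rejected or never answered (Zeek `conn_state` values `REJ`, `S0`, `RSTOS0`, or zero bytes from the responder) is ranked as a trivial true positive, an alert on an answered connection is ranked first, and an alert with no metadata at all is kept for human review rather than dropped. All alert records, signature IDs and connection records are constructed sample data.

```python
"""Triage IDS alerts by joining them with network connection metadata.

Hypothetical example: the alert shape, signature IDs and connection records
are constructed for illustration and do not come from any real sensor.
"""

# Constructed sample alerts in a Suricata/Snort-like shape.
ALERTS = [
    {"sid": 2001, "msg": "EXPLOIT web shell upload attempt", "src": "10.0.0.5",
     "dst": "192.0.2.10", "dport": 80, "uid": "C1"},
    {"sid": 2001, "msg": "EXPLOIT web shell upload attempt", "src": "10.0.0.5",
     "dst": "192.0.2.10", "dport": 80, "uid": "C1"},   # exact duplicate
    {"sid": 2002, "msg": "SCAN port probe", "src": "198.51.100.7",
     "dst": "192.0.2.20", "dport": 22, "uid": "C2"},
    {"sid": 2003, "msg": "POLICY outbound unknown binary", "src": "192.0.2.30",
     "dst": "203.0.113.9", "dport": 443, "uid": "C3"},
    {"sid": 2004, "msg": "MALWARE beacon", "src": "192.0.2.31",
     "dst": "203.0.113.50", "dport": 8080, "uid": "C4"},
]

# Constructed connection metadata keyed by connection uid, using Zeek
# conn.log field names (conn_state, orig_bytes, resp_bytes, duration).
CONN = {
    "C1": {"conn_state": "SF", "orig_bytes": 1200, "resp_bytes": 340, "duration": 0.4},
    "C2": {"conn_state": "REJ", "orig_bytes": 0, "resp_bytes": 0, "duration": 0.0},
    "C3": {"conn_state": "SF", "orig_bytes": 80, "resp_bytes": 520000, "duration": 12.0},
    "C4": {"conn_state": "S0", "orig_bytes": 0, "resp_bytes": 0, "duration": 0.0},
}

# Triage verdicts ordered by how much attention they deserve (example heuristic).
PRIORITY = {"answered": 3, "unknown": 2, "no_response": 1}


def classify(meta):
    """Map one connection's metadata to a triage verdict.

    'no_response' means the peer refused or never answered, so whatever the
    signature matched could not have succeeded on this connection.
    'unknown' means we have no metadata and must not silently discard the alert.
    """
    if meta is None:
        return "unknown"
    if meta["conn_state"] in ("REJ", "S0", "RSTOS0") or meta["resp_bytes"] == 0:
        return "no_response"
    return "answered"


def triage(alerts, conn):
    """Deduplicate alerts, enrich them with connection context, and rank them.

    Returns a list of alert groups sorted from most to least interesting.
    """
    groups = {}
    for a in alerts:
        key = (a["sid"], a["src"], a["dst"], a["dport"])
        g = groups.setdefault(key, {
            "sid": a["sid"], "msg": a["msg"], "src": a["src"], "dst": a["dst"],
            "dport": a["dport"], "count": 0, "uids": set(),
        })
        g["count"] += 1
        g["uids"].add(a["uid"])

    ranked = []
    for g in groups.values():
        metas = [conn.get(u) for u in sorted(g["uids"])]
        # A group takes the strongest verdict seen across its connections, so one
        # answered attempt among many rejected ones still surfaces the group.
        verdict = max((classify(m) for m in metas), key=PRIORITY.__getitem__)
        g["verdict"] = verdict
        g["priority"] = PRIORITY[verdict]
        g["resp_bytes"] = sum(m["resp_bytes"] for m in metas if m)
        g["uids"] = sorted(g["uids"])
        ranked.append(g)

    # Highest priority first; among equals, more responder data and more repeats first.
    ranked.sort(key=lambda g: (-g["priority"], -g["resp_bytes"], -g["count"]))
    return ranked


def format_group(g):
    """One-line summary suitable for an analyst queue."""
    return (f"[{g['verdict']:<11}] sid={g['sid']} x{g['count']} "
            f"{g['src']} -> {g['dst']}:{g['dport']} resp_bytes={g['resp_bytes']} {g['msg']}")


if __name__ == "__main__":
    for group in triage(ALERTS, CONN):
        print(format_group(group))
```

Run stand-alone, the script prints the four deduplicated groups with the answered outbound transfer and the answered web shell attempt at the top and the rejected scan and unanswered beacon at the bottom. The point is not the particular scores but that the ordering came from connection behavior the signature engine never saw; any real deployment would tune the verdict rules to its own environment and keep the 'unknown' bucket visible so missing metadata never becomes a blind spot.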

The complete infographic is embedded nearby.

__________________________________________________________________________

Download our new eBook: Preventing Attacks from Spreading
Get the tips you need to raise your game in defending against unknown threats.
__________________________________________________________________________


If you enjoyed this post, you might also like:
Morphing Network Security: 5 Takeaways from an SC Media Webinar

