Illustrating the Cybersecurity Alert Deluge [infographic]

[Infographic: alert deluge]

A false positive is a cybersecurity alert that suggests an incident is underway where none actually exists. By comparison, a trivial true positive is an alert that is technically correct but largely irrelevant.

Which one is worse? In the grand scheme it may not matter, as both deplete the finite time and resources the security operations center (SOC) has to triage, prioritize and investigate the deluge of alerts.

As the infographic nearby illustrates, many SOCs face an overwhelming volume of cybersecurity alerts. One study found that larger enterprises encounter “1.3 million vulnerabilities every 30 days” and that “64% of threat alerts are not addressed each day.”

Another study found more than half of security pros “are forced to ignore security alerts worthy of further investigation because they don’t have the staff and expertise to handle them.”

This is an age-old problem in cybersecurity, and it is compounded when large organizations run multiple tools that do not integrate or communicate with each other yet still add to the alert deluge.

At Bricata, we believe the answer rests in understanding the context of a security alert. This means understanding a threat from multiple perspectives and enriching security alerts with network metadata that helps the SOC understand, for example, the behavior behind the alert.
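As an added illustration of the enrichment idea above (example code, not Bricata's product logic), the triage below joins each alert to an asset inventory and to Zeek-style connection metadata (`conn_state`, `resp_bytes`) so that scanner noise is labelled a false positive, attacks aimed at a service the host does not run (or that the host rejected) are labelled trivial true positives, and only the remainder is queued for an analyst. All hosts, alerts and connection records are constructed for the example.

```python
# Added example, not Bricata's code: enriching IDS alerts with asset and
# network-metadata context to separate false positives and trivial true
# positives from alerts worth an analyst's time. All data is constructed.

# Constructed asset context: what each host actually runs, plus known scanners.
ASSETS = {
    "10.0.0.5":  {"services": {"nginx"}, "role": "web"},
    "10.0.0.9":  {"services": {"iis"},   "role": "web"},
    "10.0.0.77": {"services": set(),     "role": "vuln-scanner"},
}

# Constructed Zeek-style conn records keyed by connection uid.
CONNS = {
    "C1": {"resp_bytes": 0,     "conn_state": "REJ"},
    "C2": {"resp_bytes": 48213, "conn_state": "SF"},
    "C3": {"resp_bytes": 512,   "conn_state": "SF"},
}

# Constructed alerts; the service a signature applies to is part of its rule metadata.
ALERTS = [
    {"id": 1, "sig": "IIS path traversal attempt", "target_service": "iis",
     "src": "10.0.0.77", "dst": "10.0.0.9", "uid": "C3"},
    {"id": 2, "sig": "IIS path traversal attempt", "target_service": "iis",
     "src": "203.0.113.8", "dst": "10.0.0.5", "uid": "C1"},
    {"id": 3, "sig": "IIS path traversal attempt", "target_service": "iis",
     "src": "203.0.113.8", "dst": "10.0.0.9", "uid": "C2"},
    {"id": 4, "sig": "IIS path traversal attempt", "target_service": "iis",
     "src": "198.51.100.4", "dst": "10.0.0.9", "uid": "C1"},
]

def triage(alert, assets=ASSETS, conns=CONNS):
    """Return (verdict, reason) for one alert using asset and connection context."""
    src = assets.get(alert["src"], {})
    dst = assets.get(alert["dst"], {})
    conn = conns.get(alert["uid"], {})
    # The authorized scanner trips the same signature as a real attack: false positive.
    if src.get("role") == "vuln-scanner":
        return "false_positive", "source is the authorized vulnerability scanner"
    # Real attack traffic aimed at a service the host does not run: trivial true positive.
    if alert["target_service"] not in dst.get("services", set()):
        return "trivial_true_positive", "target does not run " + alert["target_service"]
    # Rejected or zero-byte connections never reached the service: trivial true positive.
    if conn.get("conn_state") == "REJ" or conn.get("resp_bytes", 0) == 0:
        return "trivial_true_positive", "connection rejected before the service answered"
    return "actionable", "exposed service responded with %d bytes" % conn["resp_bytes"]

def triage_all(alerts=ALERTS):
    """Map alert id to verdict; only 'actionable' alerts go to the analyst queue."""
    return {a["id"]: triage(a)[0] for a in alerts}
```

Of the four alerts, only alert 3 reaches the analyst queue; the other three consume no triage time.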

The complete infographic is embedded nearby.

