Illustrating the Cybersecurity Alert Deluge [infographic]


A false positive is a cybersecurity alert that suggests an incident is underway when none actually exists. A trivial true positive, by comparison, is an alert that is technically correct but operationally irrelevant: the activity it flags really happened, but it poses no meaningful risk, for example an exploit attempt against a host that does not run the targeted software.

Which one is worse?  In the grand scheme, it may not matter as both deplete the finite time and resources available to the security operations center (SOC) to triage, prioritize and investigate the deluge of alerts.

As the infographic nearby illustrates, many SOCs face an overwhelming volume of cybersecurity alerts.  One study found larger enterprises encounter “1.3 million vulnerabilities every 30 days” and “64% of threat alerts are not addressed each day.”

Another study found more than half of security pros “are forced to ignore security alerts worthy of further investigation because they don’t have the staff and expertise to handle them.”

This is an age-old problem in cybersecurity, and it is compounded when large organizations run multiple security tools that neither integrate nor share data with one another, yet each contributes its own stream of alerts to the deluge.

At Bricata, we believe the answer rests in understanding the context of a security alert. That means examining a threat from multiple perspectives and enriching each alert with network metadata, so the SOC can see the behavior behind the alert rather than only the signature that fired.
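To make the enrichment idea concrete, here is an added illustration (it is not Bricata's code or product logic): each alert is joined with a connection record and an asset inventory entry, and the combined view is sorted into the buckets discussed above. The alerts, connection records, asset entries and signature names are all constructed for the example; the connection fields (conn_state, orig_bytes, resp_bytes, duration) are modeled on Zeek-style conn logs, and the triage rules are one reasonable set of assumptions, not a standard.

```python
# Added illustration of alert enrichment, not Bricata's code.
# All alerts, connection records and assets below are constructed.
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Alert:
    alert_id: str
    signature: str
    src: str
    dst: str
    dport: int
    target_os: str = "any"  # platform the flagged exploit applies to, if any


# Constructed connection metadata keyed by (src, dst, dport).
# Field names follow Zeek-style conn logs (an assumption of this example).
CONN_LOG: Dict[Tuple[str, str, int], dict] = {
    ("198.51.100.7", "10.0.0.5", 445): {"conn_state": "REJ", "orig_bytes": 0, "resp_bytes": 0, "duration": 0.0},
    ("198.51.100.9", "10.0.0.8", 80): {"conn_state": "SF", "orig_bytes": 1420, "resp_bytes": 9800, "duration": 2.3},
    ("10.0.0.50", "10.0.0.8", 80): {"conn_state": "SF", "orig_bytes": 320000, "resp_bytes": 54000, "duration": 41.0},
    ("203.0.113.20", "10.0.0.8", 80): {"conn_state": "SF", "orig_bytes": 900, "resp_bytes": 512, "duration": 0.4},
}

# Constructed asset inventory: what the endpoints actually are.
ASSETS: Dict[str, dict] = {
    "10.0.0.5": {"os": "linux", "role": "file-server"},
    "10.0.0.8": {"os": "linux", "role": "web"},
    "10.0.0.50": {"os": "linux", "role": "authorized-scanner"},
}

# Zeek conn_state values meaning no full session was ever established.
NO_SESSION = {"S0", "REJ", "RSTOS0"}


def enrich(alert: Alert) -> dict:
    """Attach the connection record and asset facts the alert lacks on its own."""
    return {
        "alert": alert,
        "conn": CONN_LOG.get((alert.src, alert.dst, alert.dport)),
        "src_asset": ASSETS.get(alert.src),
        "dst_asset": ASSETS.get(alert.dst),
    }


def triage(enriched: dict) -> Tuple[str, str]:
    """Return (bucket, reason) for an enriched alert.

    Buckets: false_positive, trivial_true_positive, investigate, unverified.
    Missing metadata is never treated as "benign": it stays in the queue.
    """
    alert: Alert = enriched["alert"]
    conn: Optional[dict] = enriched["conn"]
    src_asset, dst_asset = enriched["src_asset"], enriched["dst_asset"]

    if src_asset and src_asset["role"] == "authorized-scanner":
        return "false_positive", "source is an authorized internal scanner"
    if conn is None:
        return "unverified", "no connection record; keep for manual review"
    if conn["conn_state"] in NO_SESSION:
        return "trivial_true_positive", f"no session established (conn_state={conn['conn_state']})"
    if alert.target_os != "any" and dst_asset and dst_asset["os"] != alert.target_os:
        return "trivial_true_positive", f"signature targets {alert.target_os}; host runs {dst_asset['os']}"
    if conn["resp_bytes"] == 0:
        return "trivial_true_positive", "server never answered the request"
    return "investigate", f"session completed; server returned {conn['resp_bytes']} bytes"


def triage_all(alerts) -> Dict[str, Tuple[str, str]]:
    """Enrich and triage every alert, keyed by alert id."""
    return {a.alert_id: triage(enrich(a)) for a in alerts}


# Constructed sample alerts (signature names are illustrative only).
SAMPLE_ALERTS = [
    Alert("A1", "SMB exploit attempt", "198.51.100.7", "10.0.0.5", 445, target_os="windows"),
    Alert("A2", "SQL injection in URI", "198.51.100.9", "10.0.0.8", 80),
    Alert("A3", "SQL injection in URI", "10.0.0.50", "10.0.0.8", 80),
    Alert("A4", "TLS anomaly", "203.0.113.4", "10.0.0.8", 443),
    Alert("A5", "IIS exploit attempt", "203.0.113.20", "10.0.0.8", 80, target_os="windows"),
]

if __name__ == "__main__":
    for alert_id, (bucket, reason) in triage_all(SAMPLE_ALERTS).items():
        print(f"{alert_id}: {bucket:22} {reason}")
```

Of the five constructed alerts, only A2 survives as something an analyst must look at; A1 and A5 are real attack attempts that could not have succeeded, A3 is expected scanner traffic, and A4 is held rather than dropped because the enrichment source had nothing to say about it. The point is not the specific rules, which every SOC will tune differently, but that none of these decisions can be made from the alert alone.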

The complete infographic is embedded nearby.

