Are Your Security Automation Tools Constantly Crying Wolf?

Everyone knows the fable of The Boy Who Cried Wolf. A shepherd boy repeatedly tells the villagers that a wolf is attacking the flock, so no one believes him when he calls for help in a real wolf attack. The wolf devours the sheep and, in some versions of the story, the boy. It’s a cautionary tale about false alarms that applies to today’s automation tools.

In a recent Opinion Matters survey of senior cybersecurity professionals, 68 percent of respondents said that security automation is somewhat or very important to their organizations. Almost all (98 percent) said they are increasing their security automation budgets. However, 97 percent reported barriers to achieving their automation objectives.

Alert fatigue is a common problem. A recent report by Trend Micro found that 51 percent of security pros feel overwhelmed by the number of security alerts they receive. In addition, 55 percent said they don’t feel confident in their ability to prioritize alerts.

As in the fable, alert fatigue has real consequences. The far-reaching supply chain attack on Voice over IP vendor 3CX was not caught quickly because the company's security team had been desensitized by the frequent false positives generated by their security tools, and the alerts that mattered were treated like all the others.


The Problem of Alert Fatigue

Security automation provides greater visibility into your environment and the ability to generate alerts when threats are identified. If automation tools aren't properly tuned, however, they will generate alerts on all sorts of things you don't need to know about: authorized vulnerability scanners tripping port-scan rules, administrative scripts that look like lateral movement, the same event reported a dozen times. Your IT security team will very quickly decide that the automation tools are crying wolf and wasting their time. Tuning means suppressing each known-benign source as narrowly as possible (a specific rule from a specific subnet or account), not switching off the rule, because the same rule still has to fire when the behavior comes from somewhere unexpected.

The security environment must also be kept up to date as the threat landscape changes. Vendor updates frequently add or change detection logic, so each one is both a chance to catch new threats and a fresh source of noise. When the security vendor issues updates, they should be applied promptly and the system should be tuned again.

Even if alerts are valid, your team won't necessarily know what to do with them unless they have runbooks to follow. Runbooks are a high-level set of procedures your staff should walk through when they see a particular alert ID. The first step is always to determine whether the alert points to a real threat. If it does, the runbook details the next steps your team needs to take to neutralize the threat and prevent it from affecting other systems within your environment.

Runbooks are very specific to each alert and to the particular applications the threat is targeting. An alert that fires with no runbook behind it is itself a finding: someone has to write one before it fires again. And those runbooks have to be kept up to date along with your security tools.
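The following is an added example, not code from the original post or from DeSeMa, showing the two ideas above as a small triage pass over a batch of alerts: narrow suppression rules for a known-benign source, collapsing of repeated alerts, and a runbook looked up by alert ID, with the first runbook step always being confirmation that the threat is real. The alert IDs (NET-002, EDR-017, EDR-042), hosts, IP addresses, runbook steps and the sample alert batch are all constructed for illustration and do not correspond to any real product or incident.

```python
"""Alert triage: apply tuning rules, drop repeats, attach runbooks (added example)."""
from dataclasses import dataclass
import ipaddress


@dataclass(frozen=True)
class Alert:
    alert_id: str    # detection rule identifier, e.g. "NET-002" (hypothetical)
    source_ip: str
    host: str
    message: str


# Constructed sample batch. The internal vulnerability scanner at 10.0.5.20
# trips the port-scan rule on every host it touches, burying the alerts that
# actually need a human. IDs, hosts and addresses are invented for this example.
SAMPLE_ALERTS = [
    Alert("NET-002", "10.0.5.20", "web-01", "port scan detected"),
    Alert("NET-002", "10.0.5.20", "web-02", "port scan detected"),
    Alert("NET-002", "10.0.5.20", "db-01", "port scan detected"),
    Alert("EDR-017", "10.0.7.44", "ws-114", "credential dumping tool executed"),
    Alert("EDR-017", "10.0.7.44", "ws-114", "credential dumping tool executed"),  # repeat
    Alert("NET-002", "203.0.113.9", "vpn-01", "port scan detected"),
    Alert("EDR-042", "10.0.7.51", "ws-120", "unsigned driver loaded"),
]

# Tuning rules: suppress by rule AND source network, never by rule alone, so
# NET-002 still fires when the scan comes from outside the authorized subnet.
SUPPRESSIONS = {
    "NET-002": [ipaddress.ip_network("10.0.5.0/24")],  # authorized scanner subnet
}

# Runbooks keyed by alert ID (hypothetical content). Step one is always
# "is this real?"; the remaining steps contain and clean up.
RUNBOOKS = {
    "NET-002": [
        "Confirm the source is not an authorized scanner",
        "Block the source at the perimeter",
        "Check targeted hosts for successful connections",
    ],
    "EDR-017": [
        "Confirm the binary and its parent process on the host",
        "Isolate the host from the network",
        "Reset credentials for every account active on the host",
        "Sweep other endpoints for the same file hash",
    ],
}


def is_suppressed(alert: Alert) -> bool:
    """True when the alert matches a tuning rule for a known-benign source."""
    src = ipaddress.ip_address(alert.source_ip)
    return any(src in net for net in SUPPRESSIONS.get(alert.alert_id, []))


def triage(alerts):
    """Apply tuning, collapse repeats, and attach a runbook to what is left.

    Returns the actionable alerts (each paired with its runbook steps, or None
    when no runbook exists) plus counters so the tuning itself can be reviewed.
    """
    suppressed = 0
    duplicates = 0
    seen = set()
    actionable = []
    for alert in alerts:
        if is_suppressed(alert):
            suppressed += 1
            continue
        key = (alert.alert_id, alert.source_ip, alert.host)
        if key in seen:
            duplicates += 1
            continue
        seen.add(key)
        actionable.append((alert, RUNBOOKS.get(alert.alert_id)))
    missing = sorted({a.alert_id for a, steps in actionable if steps is None})
    return {
        "actionable": actionable,
        "suppressed": suppressed,
        "duplicates": duplicates,
        "missing_runbooks": missing,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_ALERTS)
    print(f"{len(SAMPLE_ALERTS)} raw -> {len(result['actionable'])} actionable "
          f"({result['suppressed']} suppressed, {result['duplicates']} repeats)")
    for alert, steps in result["actionable"]:
        print(f"[{alert.alert_id}] {alert.host} <- {alert.source_ip}: {alert.message}")
        for n, step in enumerate(steps or ["NO RUNBOOK: write one before this fires again"], 1):
            print(f"   {n}. {step}")
```

On the constructed batch, seven raw alerts become three actionable ones: the three scanner-generated port-scan alerts are suppressed, the repeated credential-dumping alert collapses to one, and the external port scan on vpn-01 still fires because the suppression is scoped to the scanner subnet rather than to the rule. The unsigned-driver alert surfaces with no runbook, which is exactly the gap the text says has to be closed before that alert fires again. The `suppressed` and `duplicates` counters are worth keeping over time: a suppression that silently swallows thousands of alerts a day deserves a second look just as much as a rule that is never tuned.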


How DeSeMa Can Help

DeSeMa’s expertise in security automation and tuning is incredibly deep. We sit on several security guidance councils that beta test updates for vendors before they are released to the marketplace. This enables us to update and tune our security systems rapidly as new threats emerge.

When you utilize our managed services, you can rest assured that your environment is protected by the latest updates and some of the most experienced security pros in the business. For example, our fully managed endpoint services provide advanced protection against escalating endpoint attacks.

Our team can also come in and help your team tune your environment, keep it continually tuned and help you develop runbooks to guide your team through threat mitigation. Again, our early access to security tool updates helps you stay ahead of emerging threats.

Security environments must be constantly updated and tuned to ensure that your team receives only actionable alerts. Your team also needs up-to-date runbooks to help them respond effectively. DeSeMa can help you minimize false positives so your security story has a happy ending.

Get Started Today!