Cybersecurity - So many needles. One giant haystack.
By Staff Writer, 26 October 2022 | Categories: feature articles
Cyber security is exhausting. It keeps worried security analysts awake at night – will there be a zero-day that they couldn’t have predicted? Will someone use a terrible password that leads to a terrible hack? It also constantly harasses security operations centres (SOCs) and security teams with alerts: endless false-positive security alerts that introduce a whole new realm of fatigue – the tiredness that comes with too many alerts warning of a potential breach and few actually being true. As Stephen Osler, Co-Founder and Business Development Director at Nclose, explains, tsunami-level waves of information come from different tools, logs and platforms, and the sheer scale of these alerts and data makes up the proverbial cyber security haystack.
“The trick…,” he says. “…is to find the needle. Security teams look at volumes of data from different sources, each one pumping out different logs and alerts. Every keystroke, every click on an icon, every moved file creates another log entry. Now take this concept and multiply it across hundreds of endpoints, people, and servers, each one generating logs, each one stacking on top of one another. It’s a ton of information. Now, ask security to find the alert that’s a bona fide security threat in amidst all that data. There’s your needle.”
This is a significant data burden that inevitably causes alert fatigue, because the security technology in place is largely ineffective at the point of early detection. Most systems produce so many false positives that it is close to impossible for security teams to keep up. The goal is a smarter way of finding the needle in the proverbial haystack, and that starts with addressing the two opposing forces of the cyber security industry. On one side is ticking every box on the security management console to ensure the system can identify any potential attack. On the other side is the noise this creates, where the alerts generate so much fatigue that the real ones slip past burned-out defences, or where there are not enough resources and manpower to manage those defences.
“The trick is to find the happy medium,” says Osler. “Do you switch off all the alerts or do you tune them in such a way as to reduce the amount of noise without impacting the capabilities of the technology? You need to ensure that your security tech can detect the security incident without drowning skilled security teams under the deluge of data. This is the optimal approach, where you tune your alerts to make less noise but they are more effective at detecting incidents. This is perhaps more defensive aggression, where the fine line between alert fatigue and defensive regression is drawn by tight customisation and consistent awareness.”
That said, it’s hard for companies to focus on this line when security teams are not just dealing with alerts. They’re also managing teams, unexpected risks and incidents. This is where it has become invaluable for companies to collaborate and partner with third-party cyber security experts that have the skills and the fortitude to reduce the size of the haystack and find the security needles within it.
As McKinsey points out, CISOs, security teams and systems are under siege right now, and this is the right time for companies to partner with cyber security companies that have proven value and expertise, companies that can reliably help them clamber over the security obstacles and keep the business on its feet. The research firm also underscored, in a recent analysis of cyber security trends and threats, that skill gaps are simply growing wider, and that the smart moves to overcome the breadth and depth of attacks with a shrinking talent pool are to embed security in technology and to look to organisations that can help deploy security capabilities.
There are multiple approaches that can help an organisation shift the needle-in-a-haystack dialogue towards a more controlled and concise security solution, one that mitigates fatigue while enhancing security hygiene. This can be achieved in-house, but will definitely benefit from a safe pair of security hands that is entirely dedicated to threat hunting, detection, and building customised defences that only go Ding! when they have to…