
How to Fix Security Alert Fatigue (And Yes, it is real)

“‘Alert Fatigue’ Can Lead To Missed Cyber Threats And Staff Retention/Recruitment Issues. Here’s what happens: Frequent alerts about cybersecurity threats can lead to “alert fatigue” which numbs the staff to cyber alerts, resulting in longer response times or missed alerts. The fatigue, in turn, can create burnout in IT departments, which then results in more turnover among the staff. When replacement personnel are hired, the cycle begins again.” (Forbes, 2021)

The Security Alert Fatigue Problem is Real 

 

According to a recent Dimensional Research report (2020), “56% of Large Companies Handle 1,000+ Security Alerts Each Day.” And year-over-year the problem is getting worse: “Seventy percent said the volume of security alerts they receive on a daily basis have more than doubled in the past five years.” Naturally this puts stress on the security staff. Most (93%) said they cannot address all alerts in the same day. This exponential growth in the sheer volume of alerts, together with the staff shortages to manage them, all contributes to alert fatigue. Alert fatigue has now become widespread across enterprise security teams – “83% said staff has alert fatigue.” (Dimensional Research Report 2020)

 

Five Practical Steps to Beating Alert Fatigue 

There is light at the end of the tunnel. Recent innovative approaches and technologies can help alleviate the causes of alert fatigue at the source. Here are five practical steps you can take today: 

 

  1. Take Out the False Positives – The bad news is that while automated scanning tools have dealt with the problem of identifying vulnerabilities at scale, they have also created the alert and noise problem. Automated tools cannot rule out false positives, so manual validation is still necessary. Fortunately, there is a new breed of Vulnerability Management platforms that offer integrated expert vulnerability assessments. They can assure virtually false-positive-free alerts, preventing additional strain on your internal security staff. This hybrid model integrates both automation and human validation. Alert fatigue is too often accepted as the status quo, but it does not need to be. In 2022 there is no reason for any team to spend limited resources on chasing false positives.
  2. Aggregate Your Alert Dashboards – While automated scanning tools have evolved, they continue to be siloed, IT-layer-specific point solutions, each with its own alert dashboard. It is far less efficient and more time-consuming to constantly scan and analyze multiple dashboards. It also takes more effort to compile aggregated reports on your total security posture to deliver to management. Even worse than sucking up staff bandwidth – and assuming you do have adequate staff – this lack of efficiency and increased time can slow the actual remediation time. But again, there is no reason in 2022 you have to live with multiple alert dashboards and allow them to impact your remediation times. There are innovators that have consolidated a single dashboard of truth across each layer of the IT stack to make alert management much more efficient and lower your remediation times.
  3. Contextualize – Deciphering which vulnerabilities have the largest business impact and need immediate attention can also create alert fatigue. Standards are shifting to pre-built technologies that contextualize each alert based on the business impact it may have on your organization. It is far more efficient to see the most significant risks on a single dashboard and immediately perform strategic remediation actions.
  4. Closure Through On-Demand Pentests – Another dimension to alert fatigue is at the validation level. When a pentest is performed and the fix for the vulnerability is validated, one wants to be confident that it is in fact resolved. To achieve this, one should confirm that the pentesters themselves are in fact seasoned security professionals who are familiar with your business processes and with how your security posture provides resilience within the context of your operations. To reduce turnaround times and ensure continuous coverage, enterprises are moving to on-demand Penetration Testing as a Service (PTaaS) models.
  5. Pivot from Alert Fatigue to Remediation Superstars – According to the 2022 Edgescan Stats Report, the mean time to remediate (fix code) critical risk at the Web Application/API layer is 47.6 days, and the mean time to remediate (patch/reconfigure) critical risk at the Device/Host layer is 61.4 days. You want to focus on fixing things and fixing them quickly. To pivot your team from alert-fatigued soldiers to resilience enablers, you will need to shift focus from collating and validating results to remediation. And there are practical steps you can take to achieve this. Perhaps the most important step is to integrate the intelligence and remediation guidance into the workflow and support systems of your IT staff. This ensures that accurate guidance will be in the hands of the support staff who resolve these issues, and it will lower the overall remediation time. The good news is that the industry is pivoting to vulnerability tracking tools that come pre-built with integrated hooks into common support systems to make this integration that much easier.
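As an added illustration (not code from the original post or from any vendor's product), the following Python sketch works through steps 1, 2, 3 and 5 on constructed data: it merges two hypothetical scanner feeds into one view, drops findings that expert validation marked as false positives, ranks open findings by severity weighted by the asset's business criticality, and computes mean time to remediate per IT layer. All feed records, asset names, finding ids and criticality scores are invented for the example.

```python
from datetime import date
from statistics import mean

# Constructed sample feeds from two hypothetical scanners (placeholder ids, not real findings).
FEEDS = {
    "scanner_a": [
        {"fid": "VULN-001", "asset": "web-01", "layer": "web/api", "severity": "critical", "found": "2022-01-03", "fixed": "2022-02-19"},
        {"fid": "VULN-002", "asset": "db-01", "layer": "host", "severity": "high", "found": "2022-01-05", "fixed": None},
    ],
    "scanner_b": [
        # Same finding as scanner_a's VULN-001, reported a day later: a duplicate across dashboards.
        {"fid": "VULN-001", "asset": "web-01", "layer": "web/api", "severity": "critical", "found": "2022-01-04", "fixed": "2022-02-19"},
        {"fid": "VULN-003", "asset": "host-09", "layer": "host", "severity": "critical", "found": "2022-01-10", "fixed": "2022-03-12"},
        {"fid": "VULN-004", "asset": "test-03", "layer": "host", "severity": "critical", "found": "2022-01-12", "fixed": None},
        {"fid": "VULN-005", "asset": "host-09", "layer": "host", "severity": "critical", "found": "2022-01-15", "fixed": None},
    ],
}
# Outcome of manual expert validation (step 1): (finding, asset) pairs confirmed as false positives.
FALSE_POSITIVES = {("VULN-004", "test-03")}
# Business context (step 3): how critical each asset is to operations (1 = lab box, 5 = revenue-critical).
ASSET_CRITICALITY = {"web-01": 5, "db-01": 4, "host-09": 2, "test-03": 1}
SEVERITY_WEIGHT = {"critical": 4, "high": 3, "medium": 2, "low": 1}


def aggregate(feeds, false_positives):
    """Step 2: merge per-tool feeds into one view keyed by (finding, asset).
    Validated false positives are dropped; when several tools report the same
    finding, the earliest discovery date is kept (ISO dates compare as strings)."""
    merged = {}
    for records in feeds.values():
        for r in records:
            key = (r["fid"], r["asset"])
            if key in false_positives:
                continue
            if key not in merged or r["found"] < merged[key]["found"]:
                merged[key] = dict(r)
    return merged


def prioritise(merged, criticality):
    """Step 3: rank open findings by severity weight x asset criticality, highest first."""
    open_items = [r for r in merged.values() if r["fixed"] is None]
    return sorted(open_items, key=lambda r: SEVERITY_WEIGHT[r["severity"]] * criticality[r["asset"]], reverse=True)


def mttr_days(merged, layer, severity="critical"):
    """Step 5: mean time to remediate, in days, over closed findings of one layer and severity.
    Returns None when no closed finding matches."""
    durations = [(date.fromisoformat(r["fixed"]) - date.fromisoformat(r["found"])).days
                 for r in merged.values() if r["fixed"] and r["layer"] == layer and r["severity"] == severity]
    return mean(durations) if durations else None
```

Note that the high-severity finding on the revenue-critical database outranks the critical finding on the low-value host, which is the point of contextualising before acting.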

 

In Summary – The Pivot from Fatigued Soldier to Dragon Slayer 

As the scale of automated tools has risen, so has the number of erroneous alerts per week. Just by taking action on these five basic steps, your team can recover from alert fatigue. The difference on staff psychology will be game-changing. 

 

Want to learn more about Avoiding Alert Fatigue? Click the button below to read Does a Hybrid Model for Vulnerability Management Make Sense? 
