By Rodney Joffe, Senior Vice President, Senior Technologist and Fellow, Neustar
In the wake of increasing cybersecurity threats and data breaches, a whole host of network monitoring and threat intelligence tools have emerged to provide organizations with information on potential cybersecurity threats. However, many of these tools don’t effectively contextualize potential threats; they simply produce vast quantities of raw or general data that must then be analyzed.
This creates huge inefficiencies, with security teams struggling to separate the important information from the noise. Drowning in threat data and faced with a constant barrage of false-positive alerts, cybersecurity professionals are increasingly suffering from alert fatigue. In a survey of IT security professionals, the Cloud Security Alliance found nearly 32% admitted to ignoring alerts because so many were false positives. Additionally, more than 40% said the alerts they receive lacked actionable intelligence to investigate.
Alert fatigue can not only lead to a genuine threat being overlooked, but also to employee burnout. This is a concern not just for a cybersecurity industry that is already significantly understaffed; it also costs the employer the time it invested in training that employee, plus the additional cost of finding and training a replacement.
Reducing alert fatigue and boosting job satisfaction
A 2018 report from McAfee revealed that only 35% of respondents to a recent survey of global cybersecurity professionals were “extremely satisfied” in their current job, and 89% would consider leaving if offered the right incentives — and many of those “right” incentives related to workload: shorter or more flexible hours and a lower or more predictable workload. In addition, the survey found that security professionals tended to view threat hunting and resolving threats as the most rewarding part of their job, while day-to-day monitoring and analysis of logs ranked near the bottom.
Considering the expanding threatscape and the serious shortage of qualified personnel to meet the industry’s needs, companies can take steps to offload the busywork of analyzing data and reorient their security teams to focus on more important tasks. A great way to alleviate these closely related problems — data overload, alert fatigue, and burnout — is to improve quality control on security data. Better threat data allows security professionals to concentrate on high-value activities, making these individuals more efficient and effective as well as boosting their job satisfaction.
Curated security threat data
To properly defend against cyberattacks and block potential threats, organizations need security threat data that is timely, actionable, contextual to their industry and business, and that can provide the right insight into what is happening on their networks. In short, enterprises need curated threat data.
Informed by a broad view of global networks, combined with behavioral analysis and pattern-based research, a data curator can provide highly contextualized, hyper-relevant and actionable insights into malicious activity via machine-readable threat data that can be ingested directly into an organization’s existing analytics platforms. By removing the grunt work of data contextualization, a curator removes much of the noise from the process, equipping network and application security tools with improved real-time awareness of active threats and enabling security analysts to direct their time and attention to the most relevant information.
Access to curated security data helps minimize risks such as spam and phishing attempts, strengthens brand protection through monitoring of suspicious web traffic, and safeguards against activities such as suspicious DNS tunneling attempts. Benefits include the ability to preventively block threats at the network and application layers; improved monitoring and alerting on true-positive detections, reducing the time spent researching false positives; and shorter dwell times for intrusions, speeding up detection and remediation.
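The ingestion step described above, as an added illustration that is not part of the original article and not Neustar's code: a raw alert stream is matched against a curated, machine-readable feed whose entries carry confidence, context tags and a last-seen timestamp. Alerts with no curated indicator, or whose indicator is stale or low-confidence, are suppressed with a reason; the rest are escalated with context attached and sorted by priority. The feed entries, alert lines, field names and the 30-day decay window are all constructed for this example.

```python
"""Added illustration (not the article's or Neustar's code): triaging raw alerts
against a curated, machine-readable threat feed so analysts only see
contextualised, high-confidence hits. All feed entries and alerts are constructed."""
from datetime import datetime, timedelta, timezone

# Fixed "now" so the staleness calculation is deterministic (constructed value)
NOW = datetime(2019, 6, 1, 12, 0, tzinfo=timezone.utc)

# Constructed curated feed: each indicator carries the context a raw feed usually lacks
CURATED_FEED = [
    {"indicator": "198.51.100.23", "type": "ip", "confidence": 90,
     "tags": ["phishing", "credential-harvesting"], "last_seen": NOW - timedelta(hours=6)},
    {"indicator": "bad-updates.example", "type": "domain", "confidence": 80,
     "tags": ["dns-tunneling"], "last_seen": NOW - timedelta(days=2)},
    {"indicator": "203.0.113.9", "type": "ip", "confidence": 30,
     "tags": ["scanner"], "last_seen": NOW - timedelta(days=40)},  # stale and low confidence
]

# Constructed raw alert stream, as a SIEM might emit it before any enrichment
RAW_ALERTS = [
    {"id": 1, "src": "10.0.0.5", "dst": "198.51.100.23", "domain": None, "sig": "outbound-http"},
    {"id": 2, "src": "10.0.0.7", "dst": "192.0.2.44", "domain": "cdn.example", "sig": "dns-query"},
    {"id": 3, "src": "10.0.0.9", "dst": "192.0.2.53", "domain": "x9.bad-updates.example", "sig": "dns-query"},
    {"id": 4, "src": "10.0.0.5", "dst": "203.0.113.9", "domain": None, "sig": "outbound-http"},
    {"id": 5, "src": "10.0.0.11", "dst": "192.0.2.77", "domain": None, "sig": "outbound-http"},
]


def build_index(feed):
    """Index the feed by indicator value so each alert costs one lookup."""
    return {entry["indicator"]: entry for entry in feed}


def match_domain(index, domain):
    """Match a queried name against domain indicators on any parent label,
    since tunneling payloads ride in subdomains of the controlled domain."""
    if not domain:
        return None
    labels = domain.split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        entry = index.get(candidate)
        if entry is not None and entry["type"] == "domain":
            return entry
    return None


def priority(entry, now=NOW):
    """Feed confidence decayed linearly by staleness: an indicator not seen
    for 30 days (assumed window) contributes nothing."""
    age_days = (now - entry["last_seen"]).days
    decay = max(0.0, 1.0 - age_days / 30.0)
    return round(entry["confidence"] * decay)


def triage(alerts, feed, min_priority=50, now=NOW):
    """Return (escalated, suppressed). Escalated alerts carry the matched
    indicator, its context tags and a priority score, highest first;
    suppressed alerts are recorded with the reason they were dropped."""
    index = build_index(feed)
    escalated, suppressed = [], []
    for alert in alerts:
        entry = index.get(alert["dst"]) or match_domain(index, alert["domain"])
        if entry is None:
            suppressed.append((alert["id"], "no curated indicator"))
            continue
        score = priority(entry, now)
        if score < min_priority:
            suppressed.append((alert["id"], f"priority {score} below threshold"))
            continue
        escalated.append({**alert, "indicator": entry["indicator"],
                          "tags": entry["tags"], "priority": score})
    escalated.sort(key=lambda a: a["priority"], reverse=True)
    return escalated, suppressed


if __name__ == "__main__":
    esc, sup = triage(RAW_ALERTS, CURATED_FEED)
    for a in esc:
        print(f"ESCALATE #{a['id']} -> {a['indicator']} {a['tags']} priority={a['priority']}")
    for alert_id, reason in sup:
        print(f"suppress #{alert_id}: {reason}")
```

Keeping the suppression reasons alongside the escalated set is the point of "data reduction without losing fidelity": an analyst can audit what was filtered and why, and the threshold and decay window can be tuned per industry without re-ingesting the feed.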
Cybersecurity professionals are drowning in threat data, suffering from alert fatigue and burning out at an unprecedented rate, even as the demand for their expertise continues to rise amid a growing skills shortage. In turn, organizations don’t have the time, resources or manpower to monitor the entirety of the threat ecosystem for potential security threats. In a threatscape in which malicious actors are constantly shifting their strategies and attack vectors, enterprises must have a way to achieve data reduction without losing fidelity. Rather than playing whack-a-mole by responding to false-positive alerts, enterprises must maximize the efficiency and effectiveness of their security teams and enable them to counter the threats that matter most right now. The key — and the future of threat intelligence — is curated, actionable threat data.
About the Author
Rodney Joffe serves as a Neustar Senior Vice President and is a Senior Technologist and Fellow. His accomplishments include founding the first commercial Internet hosting company, Genuity, as well as the first outsourced and cloud-based Domain Name System (DNS) company, UltraDNS, where he invented Anycast Technology for DNS. Joffe has served on a number of the U.S. government’s cybersecurity intelligence panels and was the leader of the groundbreaking Conficker Working Group. Joffe is also the chairman of the Neustar International Security Council (NISC), which is comprised of an elite group of cybersecurity leaders across industries and companies who meet regularly to discuss the latest cyberattack trends.