Caught in the Riptide of Alert Fatigue: 3 Key Capabilities of a Security Incident Response and Automation Platform

January 15, 2018 • Resolve Staffer

I was working with one of our customers this past week on a new use case. He oversees Security Operations for a global bank (a very large financial institution). Given their size, budget and massive investment in security technologies, it would appear to an outsider that they have it all figured out. They have all the latest, cutting edge, next gen firewalls, endpoint protection, DLP, threat feeds, sandboxing, SIEM, etc… Their sec ops department should be running seamlessly, right?

Shifting Focus from Threat Detection to Incident Response

He shared with me his main concern: the increased volume of security events, which his team is unable to resolve efficiently, along with the growing worry of becoming the next big high-profile security breach. This scenario is all too common to me, and I chuckled out loud: “You’re caught in the riptide of alert fatigue!” It’s not a fun place to be, and once you are in, it’s hard to paddle out. Organizations, large and small, seem to have fallen into the common trap of heavily investing in security point products that focus on prevention and detection, and once they’ve done so, they assume that their security program is complete. Au contraire mon frère! If they have no security incident response processes or technology in place, alert fatigue is inevitable. Even the best preventative and detective security solutions fail. It’s not that they’re not good or that I don’t recommend using them (I do). It’s just the nature of the beast, hence the security principle of defense in depth. Regardless, without solid investments in security incident response process and technology, organizations are left with a huge gap in their incident response (IR) process, which results in a massive current of security events and “alert fatigue” in the SOC. Our customer didn’t find this as comical as I did. To me the solution is clear. They, and companies like them, need to shift the focus from threat detection towards improving incident response.

The Critical Role of a Security Incident Response and Automation Platform

A Security Incident Response and Automation platform automates and guides the user through the steps required to properly manage a security incident end-to-end. In a white paper on Accelerating Security Incident Response, Resolve Systems highlights the three core capabilities you should look for when selecting an incident resolution platform.

  1. Guide and orchestrate the incident response: The ability to ensure security incidents are quickly investigated, tracked and acted upon. Take protective measures and capture a timeline of events, along with identifying and preserving evidence and artifacts in a secure and reliable manner.
  2. Automate as a part of the process whenever feasible: Response to security incidents follows a consistent, repeatable process that can be executed quickly through a combination of automation, guided procedures and knowledge, by more readily available, lower-cost resources, while increasing the productivity of more expensive and scarce expert resources.
  3. Leverage best-practice playbooks to get started: Orchestrate and execute cross-functional activities required to manage security incidents at the enterprise level using rule-based procedures.
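As an added illustration of these three capabilities (not code from the Resolve platform or from this post), here is a small Python playbook runner: duplicate alerts fold into one incident so they create no new analyst work, a rule-based procedure decides between automatic closure and escalation, and every step is written to a timeline alongside a SHA-256 hash of the preserved alert. The sample alerts, rule names and the login-failure threshold are constructed for the example.

```python
import hashlib, json
from dataclasses import dataclass, field

# Constructed sample alerts, shaped loosely like SIEM output (not real data)
SAMPLE_ALERTS = [
    {"id": "a1", "rule": "malware_detected", "host": "ws-17", "file_hash": "e3b0c442"},
    {"id": "a2", "rule": "malware_detected", "host": "ws-17", "file_hash": "e3b0c442"},
    {"id": "a3", "rule": "failed_logins", "host": "vpn-1", "user": "svc_backup", "count": 3},
    {"id": "a4", "rule": "failed_logins", "host": "vpn-1", "user": "admin", "count": 250},
]
@dataclass
class Incident:
    key: str
    severity: str = "unknown"
    timeline: list = field(default_factory=list)  # ordered (step, detail) pairs
    evidence: dict = field(default_factory=dict)  # artifact name -> sha256 hex
    def record(self, step, detail):
        self.timeline.append((step, detail))
    def preserve(self, name, artifact):
        # Hash the artifact at capture time so later tampering is detectable
        blob = json.dumps(artifact, sort_keys=True).encode()
        self.evidence[name] = hashlib.sha256(blob).hexdigest()
def triage_malware(alert, inc):
    inc.severity = "high"
    inc.record("isolate_host", alert["host"])
    inc.preserve(f"alert-{alert['id']}", alert)
def triage_failed_logins(alert, inc):
    if alert["count"] < 10:  # hypothetical threshold for automatic closure
        inc.severity, step = "info", ("auto_close", "below threshold")
    else:
        inc.severity, step = "medium", ("escalate", f"{alert['user']}@{alert['host']}")
    inc.record(*step)
    inc.preserve(f"alert-{alert['id']}", alert)
# Playbooks: rule name -> (fields that identify one incident, triage procedure)
PLAYBOOKS = {
    "malware_detected": (("host", "file_hash"), triage_malware),
    "failed_logins": (("host", "user"), triage_failed_logins),
}
def run_playbooks(alerts):
    """Fold duplicate alerts into one incident and run its playbook once."""
    incidents = {}
    for alert in alerts:
        fields, triage = PLAYBOOKS[alert["rule"]]
        key = alert["rule"] + ":" + ":".join(str(alert[f]) for f in fields)
        if key not in incidents:
            incidents[key] = Incident(key)
            triage(alert, incidents[key])                 # guided, rule-based steps
        else:
            incidents[key].record("dedupe", alert["id"])  # repeat: no new analyst work
    return incidents
```

Running `run_playbooks(SAMPLE_ALERTS)` yields three incidents from four alerts; the two identical malware alerts become one incident with one isolation step and one preserved artifact hash.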

To learn more about the challenges of scaling security incident response teams and the critical role that a security incident response and automation platform plays in accomplishing this, read the complimentary white paper.

About the Author, Resolve Staffer:

This post was written by one of the awesome contributors on the Resolve team.
