
Drowning In Data – The Event Fatigue Problem

by Smokescreen Team

Event fatigue

Modern security systems generate lots of alerts and logs for security teams to look at, and the result is event fatigue. They’ve become like email inboxes. You start with a clean slate, but over time you start getting all these emails that you don’t want. Before you know it, you’ve stopped looking at most emails, making it highly probable that you’ll miss something important. Unbelievably, it’s considered perfectly ‘normal’ for a security solution to generate hundreds or thousands of alerts for the hapless defender to sift through. Approaches such as machine learning and correlation are supposed to help, but in practice they only make post-mortem analysis easier.

‘Event fatigue’ is a real concern. It’s not even surprising to seasoned security professionals to find that the alerts from monitoring systems are ignored, or even worse – disabled, often in the name of ‘tuning’ the system.

The consequences? Public information has it that Target Corp’s anti-malware solution faithfully raised alerts about a possible malicious binary; however, they were ignored.

Only after an analyst has waded through the log data, analysed the events and removed false positives, are they able to deal with the actual threats.

In practice, this process rarely occurs at all because it’s so expensive and time-consuming. Nobody has the time to proactively convert gigabytes of data into meaningful information. It only happens after an incident occurs.

Is there a better way? Why not design systems that only alert when something meaningful truly happens? When the event is the anomaly, you save time, money, and can actually get around to dealing with real threats.

This is one of the primary benefits of decoy-based systems. A decoy carries no legitimate service, so by definition any traffic to it is malicious, and any event is an alert that requires your attention.
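The principle above, as an added example that is not Smokescreen’s code: every connection to a decoy host becomes an alert, while hits are collapsed per source so that one scanning host does not itself turn into a flood of events. The decoy addresses, the allowlisted scanner and the log lines are constructed for illustration.

```python
# Added example (not from the original post): decoy-hit detection over
# constructed connection logs. Any source touching a decoy is reported once,
# with the ports it probed, so the analyst sees one high-fidelity alert per
# offending host instead of one event per packet.
import re
from collections import defaultdict

# Constructed decoy inventory: addresses that carry no production service.
DECOYS = {"10.0.5.50", "10.0.5.51"}
# Constructed allowlist: our own vulnerability scanner is expected to touch decoys.
ALLOWED_SOURCES = {"10.0.1.9"}

# Constructed log format: "<timestamp> src=<ip> dst=<ip> dport=<port> action=<x>"
LINE_RE = re.compile(r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)")


def decoy_alerts(log_lines):
    """Return {source_ip: {"hits": count, "ports": [sorted ports]}} for every
    non-allowlisted source that connected to a decoy. Lines that do not match
    the expected format are skipped rather than raising."""
    hits = defaultdict(lambda: {"hits": 0, "ports": set()})
    for line in log_lines:
        m = LINE_RE.search(line)
        if not m:
            continue
        src, dst, dport = m.group("src"), m.group("dst"), int(m.group("dport"))
        # Production destinations are noise for this rule; the allowlisted
        # scanner is the one expected visitor a decoy has.
        if dst not in DECOYS or src in ALLOWED_SOURCES:
            continue
        hits[src]["hits"] += 1
        hits[src]["ports"].add(dport)
    return {s: {"hits": v["hits"], "ports": sorted(v["ports"])} for s, v in hits.items()}


# Constructed sample: mostly normal traffic to production hosts, one internal
# workstation probing a decoy on three ports, and the allowlisted scanner.
SAMPLE_LOG = [
    "2021-03-02T10:00:01 src=10.0.2.14 dst=10.0.3.10 dport=443 action=allow",
    "2021-03-02T10:00:02 src=10.0.2.15 dst=10.0.3.10 dport=443 action=allow",
    "2021-03-02T10:00:03 src=10.0.2.14 dst=10.0.5.50 dport=445 action=allow",
    "2021-03-02T10:00:03 src=10.0.2.14 dst=10.0.5.50 dport=22 action=allow",
    "2021-03-02T10:00:04 src=10.0.2.14 dst=10.0.5.51 dport=3389 action=allow",
    "2021-03-02T10:00:05 src=10.0.1.9 dst=10.0.5.50 dport=80 action=allow",
    "malformed line with no fields",
]

if __name__ == "__main__":
    for src, info in decoy_alerts(SAMPLE_LOG).items():
        print(f"ALERT decoy contact from {src}: {info['hits']} hits on ports {info['ports']}")
```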

We’ve all tried the old way. It didn’t work. It’s time for something better.


© 2015-2021 Smokescreen. All rights reserved.
