A survey of 427 cybersecurity professionals published today by Sumo Logic, a provider of a security information and event management (SIEM) platform delivered as a cloud service, suggests alert fatigue has become a chronic issue.
According to the survey results, 70% of respondents have seen the volume of security alerts more than double in the past five years.
There is almost unanimous agreement (99%) that high volumes of alerts are causing problems for IT security teams, with 83% of respondents saying their security staff are experiencing alert fatigue. Three-quarters of respondents (75%) said they would need three or more additional security analysts to address all alerts the same day.
Dana Torgersen, director of product marketing for Sumo Logic, said alert fatigue is one of the primary reasons there is so much turnover among IT staff. The only way to minimize that turnover is to invest in automation that reduces the volume of alerts being generated, he said.
The bulk of the alerts that are generated are not indicative of an actual attack or security breach. A continuous stream of alerts can even adversely affect security because members of the IT staff become inured to all the alerts being generated and ignore an alert about an actual attack.
Organizations that invest in security automation appear to be seeing a return on that investment. Nearly two-thirds (65%) of respondents at organizations with high levels of automation can resolve most security alerts the same day, compared to 34% of respondents at organizations with low levels of automation.
In general, 92% of respondents said automation is the best solution for dealing with large volumes of alerts. However, 88% of respondents said they face challenges with their current SIEM, and 99% said they would benefit from additional SIEM automation capabilities.
Torgersen said one of the primary benefits of shifting SIEM and other security tools into the cloud is that it becomes more feasible to apply machine learning algorithms and other forms of artificial intelligence (AI) to the massive amounts of data collected from multiple organizations. Those algorithms are then able to significantly reduce the number of extraneous alerts that are generated, he said. In fact, according to the survey, 84% of respondents see many advantages in employing a SIEM platform that is accessed as a cloud service.
Cybersecurity tools were beginning to migrate to the cloud even before the arrival of the COVID-19 pandemic. However, that shift is now accelerating as cybersecurity professionals continue to work from home to help combat the spread of the pandemic. It is, of course, feasible to remotely access cybersecurity tools deployed on-premises. However, cybersecurity tools that run natively in the cloud are usually better able to analyze threats against, for example, endpoints that IT organizations don't directly control.
Regardless of the motivation, however, one thing is clear: organizations looking to employ AI to augment hard-pressed cybersecurity staff will increasingly need to look to the cloud.