Efficient Security Alerts Management with AI and Automation


Security alerts are essential for detecting cyber-attacks quickly, but today's security defense products can generate thousands of alerts on any given day, leaving security analysts at a loss as to which alerts to respond to, and potentially missing the most important ones.

Overwhelmed by security alerts

A study by the Ponemon Institute found that the average organization in the study received 16,937 alerts a week and 26-50% of security alerts are false positives.


Triaging and investigating security alerts is a challenging task. 53.1% of security analysts' time is spent on triage and investigation, yet it is still very hard to determine which alerts are true positives and which are false positives. The nature of alerts is constantly changing, processes are often inconsistent, and there is frequently no clear guidance on how to handle them.

Cost of security alerts

Based on a security analyst salary of $100,000 a year, an average TTR of 15 minutes and 100 alerts per day, you would be spending $476K on triaging security alerts.


If breached, it will cost


Not to mention that ransomware operators are demanding ever larger sums: the most recent ransomware attack demanded $70M to return mission-critical information to the company.



When an alert fires, time is of the essence: you need to determine whether it is real and, if so, respond quickly to mitigate the risk and minimize financial loss to your company. Business continuity and uptime are critical for every organization, and any disruption causes not only financial loss but also damage to customer satisfaction and the company's brand.

Solution:

There is no silver bullet for this problem. Security analysts will need to continuously optimize the process, automating as much as possible. The automation journey takes time, and AI, as a key element of this process, will guide you along it.

So what can DTonomy's AI do to help you manage security alerts better?

  • Centralize alerts – consolidate all alerts from various systems into one place. As we have noticed while speaking with many companies, a third of them still use email to track security alerts, which makes it hard to share knowledge and automate the process. DTonomy's tool enables you to consolidate security alerts onto one platform.
  • Correlate alerts – look for patterns across alerts to be better informed. Getting through hundreds or thousands of alerts is not an easy task, and finding the relationships between them is not straightforward. DTonomy automatically scans all the alerts, leverages graph theory to recover the relationships between them, and consolidates related alerts into cases for you to examine together.
  • Enrich security alerts – leverage other data sources and intelligence for better context. Analysts always want more enriched information around a security alert, such as VirusTotal or WHOIS lookups. DTonomy leverages built-in API integrations with third-party applications to provide that enriched security context.
  • Leverage knowledge and historical data to guide security response – your peers' resolutions and your own historical investigations are valuable assets that save you and your team time on redundant investigations. DTonomy's continuous learning engine picks up that unstructured data and turns it into insights that guide your future investigations.
  • Continuously optimize the process – the continuous learning engine picks up every change and piece of feedback and continuously suggests ways for you to further optimize your process.
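To make the correlation idea above concrete, here is an added example (not DTonomy's code) that groups alerts into cases by treating alerts and their indicators as nodes of a graph and taking connected components: any two alerts that share a host, user or source IP end up in the same case. The alerts, tool names and indicator keys are constructed sample data.

```python
# Added example, not DTonomy's code: alert correlation as connected components
# over a bipartite alert/indicator graph, implemented with union-find.
from collections import defaultdict

# Constructed sample alerts from several hypothetical tools.
ALERTS = [
    {"id": "A1", "source": "EDR",   "host": "ws-042", "user": "jdoe",       "src_ip": None},
    {"id": "A2", "source": "Proxy", "host": None,     "user": "jdoe",       "src_ip": "10.0.5.17"},
    {"id": "A3", "source": "IDS",   "host": "ws-042", "user": None,         "src_ip": "10.0.5.17"},
    {"id": "A4", "source": "SIEM",  "host": "db-01",  "user": "svc_backup", "src_ip": None},
    {"id": "A5", "source": "EDR",   "host": "ws-113", "user": None,         "src_ip": "10.0.9.2"},
]
INDICATOR_KEYS = ("host", "user", "src_ip")  # assumed field names

def find(parent, x):
    # Union-find root lookup with path halving.
    while parent[x] != x:
        parent[x] = parent[parent[x]]
        x = parent[x]
    return x

def union(parent, a, b):
    ra, rb = find(parent, a), find(parent, b)
    if ra != rb:
        parent[rb] = ra

def correlate(alerts, keys=INDICATOR_KEYS):
    """Group alerts into cases; each case lists its alert ids and the indicators that linked them."""
    parent = {a["id"]: a["id"] for a in alerts}
    by_ind = defaultdict(list)  # (key, value) -> ids of alerts carrying that indicator
    for a in alerts:
        for k in keys:
            if a.get(k) is not None:
                by_ind[(k, a[k])].append(a["id"])
    # Every alert sharing an indicator is joined to the first alert that carried it.
    for ids in by_ind.values():
        for other in ids[1:]:
            union(parent, ids[0], other)
    cases = defaultdict(lambda: {"alerts": [], "shared": []})
    for a in alerts:
        cases[find(parent, a["id"])]["alerts"].append(a["id"])
    for (k, v), ids in by_ind.items():
        if len(ids) > 1:  # only indicators seen on more than one alert are links
            cases[find(parent, ids[0])]["shared"].append(f"{k}={v}")
    return [cases[r] for r in sorted(cases, key=lambda r: cases[r]["alerts"][0])]

if __name__ == "__main__":
    for n, case in enumerate(correlate(ALERTS), 1):
        print(f"case {n}: {case['alerts']} linked by {case['shared'] or 'nothing'}")
```

Alerts A1, A2 and A3 land in one case even though no single indicator appears on all three; in a real deployment the indicator keys would be normalized per source before this step.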

Start free to reduce security investigation time by 80% today. 


Copyright © 2023 By DTonomy Inc.
