
Curing security alert fatigue while still protecting your cloud infrastructure

09 Mar 17

The results of a recent survey published by the Cloud Security Alliance reveal that security professionals often feel deluged by alerts and notices, causing them to have “alert fatigue.”

Two important findings of the survey show that:

4% of IT security professionals say that the alerts they receive lack actionable intelligence to investigate, and another 31.9% report that they ignore alerts because so many are false positives.

The average enterprise generates nearly 2.7 billion actions in cloud services per month (e.g. login, upload, comment), of which 2.5 trillion on average are anomalous. Of all of those events, only 23.2 billion are actual threats, a ratio of nearly 110:1.

The challenge IT security professionals face is sorting through these alerts and informational messages. They know that some of these messages are important and require immediate attention.

Other messages provide useful information, but don’t require immediate attention. Still other messages just represent the normal functions in the enterprise or cloud computing environment and don’t require attention at all.

Unfortunately, IT professionals can’t easily determine what class of alert the messages represent until they’ve examined them, and important messages are being missed in the deluge of other messages.

Security analytics (on-premises or cloud) should be interconnected to the data they are analyzing at a more fundamental level, so that staff members no longer need to examine each alert or informational message, evaluate all details behind the events leading up to the alert, and then determine what to do.

These analytics services should also be available at the edge, close to where much of the data that needs analysis is being created.

High-speed, low-latency interconnection between data and security analytics, especially cloud-based analytics, helps scale analytical capabilities and lets large volumes of data be controlled and moved faster.

By leveraging real-time analytics to better screen alerts, you gain greater control over the number of alerts that you need to respond to quickly.

Machine learning and predictive analytics tools that analyze the alerts and the underlying data contained in operational logs make it far easier for busy IT professionals to take action when needed.

Furthermore, these tools should compare the operational data to known issues related to the use of popular and commonly deployed applications, development environments and database engines. The tools should then provide concise, helpful, actionable recommendations for those IT professionals.
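The screening described above, as an added example that is not part of the article or of any Equinix tooling: a small triage pass that collapses repeated alerts into one finding, sorts each finding into the three classes the article names (needs immediate attention, informational, normal operation), and attaches a recommendation when the event matches a known-issue table. The sample alerts, the service-account allowlist, the known-issue entry and the failed-login threshold are all constructed for illustration.

```python
from collections import defaultdict

IMMEDIATE, INFORMATIONAL, NORMAL = "immediate", "informational", "normal"
PRIORITY = {IMMEDIATE: 0, INFORMATIONAL: 1, NORMAL: 2}

# Hypothetical service accounts whose routine logins and uploads are expected.
SERVICE_ACCOUNTS = {"svc-backup"}

# Hypothetical known-issue table: (application, setting, value) -> recommendation.
KNOWN_ISSUES = {
    ("postgres", "ssl", "off"):
        "Re-enable TLS on the database listener and rotate any credentials sent in plaintext.",
}

FAILED_LOGIN_THRESHOLD = 5  # assumed tuning value, not from the article

# Constructed sample alerts (not real data): a month of cloud events reduced to
# twelve representative records, including seven repeated failed logins.
SAMPLE_ALERTS = [
    {"id": 1, "source": "iam", "event": "login", "user": "svc-backup", "src_ip": "10.0.5.9"},
    {"id": 2, "source": "iam", "event": "login", "user": "svc-backup", "src_ip": "10.0.5.9"},
    {"id": 3, "source": "storage", "event": "upload", "user": "svc-backup", "bytes": 5_000_000_000},
] + [
    {"id": i, "source": "iam", "event": "login_failed", "user": "alice", "src_ip": "203.0.113.7"}
    for i in range(4, 11)
] + [
    {"id": 11, "source": "db", "event": "config_change", "user": "bob",
     "app": "postgres", "setting": "ssl", "value": "off"},
    {"id": 12, "source": "app", "event": "comment", "user": "carol"},
]


def group_key(alert):
    """Collapse repeats: same source, event, user and origin count as one finding."""
    origin = alert.get("src_ip") or alert.get("app") or "-"
    return (alert["source"], alert["event"], alert["user"], origin)


def classify(sample, count):
    """Return (class, recommendation) for one deduplicated group of alerts."""
    event, user = sample["event"], sample["user"]
    if event == "login_failed" and count >= FAILED_LOGIN_THRESHOLD:
        return IMMEDIATE, (f"{count} failed logins for {user} from {sample['src_ip']}: "
                           "challenge the account and review the source.")
    if event == "config_change":
        rec = KNOWN_ISSUES.get((sample.get("app"), sample.get("setting"), sample.get("value")))
        if rec:
            return IMMEDIATE, rec
        return INFORMATIONAL, "Configuration change with no known-issue match; review at next triage."
    if user in SERVICE_ACCOUNTS and event in {"login", "upload"}:
        return NORMAL, "Expected service-account activity."
    return INFORMATIONAL, "No known-issue match; retain for context."


def triage(alerts):
    """Deduplicate, classify and rank alerts; most urgent and most frequent first."""
    groups = defaultdict(lambda: {"sample": None, "count": 0, "ids": []})
    for alert in alerts:
        g = groups[group_key(alert)]
        g["sample"] = g["sample"] or alert
        g["count"] += 1
        g["ids"].append(alert["id"])
    findings = []
    for g in groups.values():
        cls, rec = classify(g["sample"], g["count"])
        findings.append({"class": cls, "count": g["count"], "ids": g["ids"],
                         "event": g["sample"]["event"], "user": g["sample"]["user"],
                         "recommendation": rec})
    findings.sort(key=lambda f: (PRIORITY[f["class"]], -f["count"]))
    return findings


def needs_immediate_action(alerts):
    """The subset an analyst has to look at right now."""
    return [f for f in triage(alerts) if f["class"] == IMMEDIATE]


if __name__ == "__main__":
    for f in triage(SAMPLE_ALERTS):
        print(f"[{f['class']:>13}] x{f['count']:<2} {f['event']:<14} {f['user']:<11} {f['recommendation']}")
```

Twelve raw alerts become five findings, of which two need immediate attention; the rest are either context or expected service-account noise. In a real deployment the known-issue table and the grouping key would come from the log schema and the applications actually in use, and the threshold would be tuned against the false-positive rate the team is seeing.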

A distributed security infrastructure that resides out at the edge, which leverages an Interconnection Oriented Architecture (IOA) strategy, should be the foundation of a well thought out, interconnection-first approach to security.

Deploying an IOA strategy means that the IT security platform will be able to react in real time and adapt quickly to change, while securely connecting people, locations, clouds and data within a digital ecosystem.

Article by Larry Hughes, Equinix Blog Network 
