Curing security alert fatigue while still protecting your cloud infrastructure

09 Mar 2017

The results of a recent survey published by the Cloud Security Alliance reveal that security professionals often feel deluged by alerts and notices, causing them to have “alert fatigue.”

Two important findings of the survey show that:

4% of IT security professionals say that the alerts they receive lack actionable intelligence to investigate, and another 31.9% report that they ignore alerts because so many are false positives.

The average enterprise generates some 2.7 billion actions in cloud services per month (e.g. login, upload, comment), of which 2.5 trillion on average are anomalous. Out of all of those events, only 23.2 billion are actual threats, a ratio of nearly 110:1.

The challenge IT security professionals face is sorting through these alerts and informational messages. They know that some of these messages are important and require immediate attention.

Other messages provide useful information, but don’t require immediate attention. Still other messages just represent the normal functions in the enterprise or cloud computing environment and don’t require attention at all.

Unfortunately, IT professionals can’t easily determine what class of alert the messages represent until they’ve examined them, and important messages are being missed in the deluge of other messages.

Security analytics (on-premises or cloud) should be interconnected to the data they are analyzing at a more fundamental level, so that staff members no longer need to examine each alert or informational message, evaluate all details behind the events leading up to the alert, and then determine what to do.

These analytics services should also be available at the edge, close to where much of the data that needs analysis is being created.

High-speed, low-latency interconnection between data and security analytics, especially cloud-based analytics, helps scale analytical capabilities and control and move large volumes of data faster.

By leveraging real-time analytics to better screen alerts, you gain greater control over the number of alerts that you need to respond to quickly.

Machine learning and predictive analytics tools that analyze the alerts and the underlying data contained in operational logs make it far easier for busy IT professionals to take action when needed.

Furthermore, these tools should compare the operational data to known issues related to the use of popular and commonly deployed applications, development environments and database engines. The tools should then provide concise, helpful, actionable recommendations for those IT professionals.

A distributed security infrastructure that resides out at the edge and leverages an Interconnection Oriented Architecture (IOA) strategy should be the foundation of a well-thought-out, interconnection-first approach to security.

Deploying an IOA strategy means that the IT security platform will be able to react in real time and adapt quickly to change, while securely connecting people, locations, clouds and data within a digital ecosystem.

Article by Larry Hughes, Equinix Blog Network 