
Curing security alert fatigue while still protecting your cloud infrastructure

09 Mar 17

The results of a recent survey published by the Cloud Security Alliance reveal that security professionals often feel deluged by alerts and notices, causing them to have “alert fatigue.”

Two important findings of the survey show that:

4% of IT security professionals say that the alerts they receive lack actionable intelligence to investigate, and another 31.9% report that they ignore alerts because so many are false positives.

The average enterprise generates nearly 2.7 billion actions in cloud services per month (e.g. login, upload, comment), of which 2.5 trillion on average are anomalous. Out of all of those events, only 23.2 billion are actual threats, a ratio of nearly 110:1.

The challenge IT security professionals face is sorting through these alerts and informational messages. They know that some of these messages are important and require immediate attention.

Other messages provide useful information, but don’t require immediate attention. Still other messages just represent the normal functions in the enterprise or cloud computing environment and don’t require attention at all.

Unfortunately, IT professionals can’t easily determine what class of alert the messages represent until they’ve examined them, and important messages are being missed in the deluge of other messages.

Security analytics (on-premises or cloud) should be interconnected to the data they are analyzing at a more fundamental level, so that staff members no longer need to examine each alert or informational message, evaluate all details behind the events leading up to the alert, and then determine what to do.

These analytics services should also be available at the edge, close to where much of the data that needs analysis is being created.

High-speed, low-latency interconnection between data and security analytics, especially cloud-based analytics, helps scale analytical capabilities and lets large volumes of data be controlled and moved faster.

By leveraging real-time analytics to better screen alerts, you gain greater control over the number of alerts that you need to respond to quickly.

Machine learning and predictive analytics tools that analyze the alerts and the underlying data contained in operational logs make it far easier for busy IT professionals to take action when needed.

Furthermore, these tools should compare the operational data to known issues related to the use of popular and commonly deployed applications, development environments and database engines. The tools should then provide concise, helpful, actionable recommendations for those IT professionals.
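The screening the article describes (merging duplicate alerts, dropping known-benign ones, separating the few that need immediate action from the many that are merely informational, and attaching a concise recommendation from a table of known issues) can be shown in a small triage pass. The following is an added example and not code from the article or from Equinix; the alert records, rule names, thresholds, the known-benign set and the recommendation text are all constructed for illustration, and a real deployment would read these from the SIEM and a maintained knowledge base.

```python
"""Added example (not from the article): a minimal alert-triage pass that
merges duplicates, suppresses known-benign automation, classifies each group
as immediate / informational / noise, and attaches a recommendation."""

# Constructed sample alerts; the field names are assumptions, not a real SIEM schema.
SAMPLE_ALERTS = [
    {"id": 1, "rule": "login_failed", "actor": "alice", "src_ip": "10.0.0.5", "count": 2},
    {"id": 2, "rule": "login_failed", "actor": "alice", "src_ip": "10.0.0.5", "count": 3},
    {"id": 3, "rule": "login_failed", "actor": "svc-deploy", "src_ip": "198.51.100.7", "count": 40},
    {"id": 4, "rule": "login_failed", "actor": "svc-deploy", "src_ip": "198.51.100.7", "count": 25},
    {"id": 5, "rule": "backup_job_completed", "actor": "backup-svc", "src_ip": "10.0.0.9", "count": 1},
    {"id": 6, "rule": "backup_job_completed", "actor": "backup-svc", "src_ip": "10.0.0.9", "count": 1},
    {"id": 7, "rule": "bulk_download", "actor": "bob", "src_ip": "10.0.0.21", "bytes": 50_000_000_000},
    {"id": 8, "rule": "bulk_download", "actor": "carol", "src_ip": "10.0.0.22", "bytes": 200_000_000},
    {"id": 9, "rule": "config_change", "actor": "ops-admin", "src_ip": "10.0.0.3", "count": 1},
]

# Known-benign patterns (constructed): routine automation that should never page anyone.
KNOWN_BENIGN = {("backup_job_completed", "backup-svc")}

# Thresholds (constructed) separating "needs attention now" from "worth a look later".
FAILED_LOGIN_IMMEDIATE = 20               # failed logins from one source in the batch
BULK_DOWNLOAD_IMMEDIATE = 10_000_000_000  # bytes transferred by one actor in the batch

# Known-issue table (constructed): rule -> concise, actionable recommendation.
RECOMMENDATIONS = {
    "login_failed": "Check for credential stuffing; enforce MFA and block the source IP.",
    "bulk_download": "Confirm business need with the data owner; review DLP policy for the store.",
    "config_change": "Verify the change against its change ticket; no action if approved.",
}


def classify(group):
    """Return 'immediate', 'informational' or 'noise' for one merged alert group."""
    rule, actor = group["rule"], group["actor"]
    if (rule, actor) in KNOWN_BENIGN:
        return "noise"
    if rule == "login_failed" and group["count"] >= FAILED_LOGIN_IMMEDIATE:
        return "immediate"
    if rule == "bulk_download" and group["bytes"] >= BULK_DOWNLOAD_IMMEDIATE:
        return "immediate"
    return "informational"


def triage(alerts):
    """Merge duplicate alerts, classify each group and attach a recommendation.

    Returns {'immediate': [...], 'informational': [...], 'noise': [...]}; each entry
    carries the merged counters, the ids of the raw alerts it absorbed, and the
    recommendation looked up from the known-issue table."""
    groups = {}
    for a in alerts:
        key = (a["rule"], a["actor"], a["src_ip"])
        g = groups.setdefault(key, {"rule": a["rule"], "actor": a["actor"],
                                    "src_ip": a["src_ip"], "count": 0, "bytes": 0, "ids": []})
        g["count"] += a.get("count", 0)
        g["bytes"] += a.get("bytes", 0)
        g["ids"].append(a["id"])
    buckets = {"immediate": [], "informational": [], "noise": []}
    for g in groups.values():
        cls = classify(g)
        g["class"] = cls
        g["recommendation"] = RECOMMENDATIONS.get(
            g["rule"], "No known issue on file; review manually.")
        buckets[cls].append(g)
    return buckets


def summarize(alerts):
    """Count raw alerts against the number an analyst must actually act on now."""
    buckets = triage(alerts)
    return {
        "raw": len(alerts),
        "groups": sum(len(v) for v in buckets.values()),
        "immediate": len(buckets["immediate"]),
        "informational": len(buckets["informational"]),
        "noise": len(buckets["noise"]),
    }


if __name__ == "__main__":
    for cls, items in triage(SAMPLE_ALERTS).items():
        for g in items:
            print(f"[{cls:13}] {g['rule']} by {g['actor']} from {g['src_ip']} "
                  f"(alerts {g['ids']}) -> {g['recommendation']}")
    print(summarize(SAMPLE_ALERTS))
```

On the constructed batch, nine raw alerts collapse into six groups, of which only two need immediate attention: the 65 failed logins from one address against a service account and the 50 GB bulk download. The backup-job pair is dropped as noise, and the rest is queued as informational. The point of the design is that the merge key and the thresholds are explicit, reviewable data, so when a suppression rule is wrong it can be found and corrected rather than silently hiding a real threat.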

A distributed security infrastructure that resides out at the edge and leverages an Interconnection Oriented Architecture (IOA) strategy should be the foundation of a well-thought-out, interconnection-first approach to security.

Deploying an IOA strategy means that the IT security platform will be able to react in real time and adapt quickly to change, while securely connecting people, locations, clouds and data within a digital ecosystem.

Article by Larry Hughes, Equinix Blog Network 
