A recent study carried out by the Dimensional Research consultancy has once again highlighted how alert fatigue is affecting cybersecurity managers and their teams. The report analyzed, among other factors, the security workload of 427 IT professionals during 2020.
One notable result was that 70 percent of respondents had seen the volume of security alerts they had to handle double over the last five years. Meanwhile, 99 percent of professionals admit that the vast number of incidents is creating problems for their IT teams and, consequently, 83 percent claim that staff have at some point experienced alert fatigue.
In any event, as we have looked at previously, this data reaffirms that CISOs and their teams in large organizations are working under great pressure and are dealing with far too many routine tasks such as mitigating common incidents and protecting the perimeter. This reduces the time and resources available to develop an efficient, global proactive prevention strategy that leverages techniques such as threat hunting or ensures the continuous updating of systems and devices to prevent new vulnerabilities from being exploited.
Extending security teams
In response to the problems faced by cybersecurity teams, the concept of Managed Detection and Response (MDR) has arisen. This combination of technologies can reduce the workload of CISOs and their teams by delivering techniques, tools, and security experts that serve to extend the in-house teams of organizations.
As an example, the cyberattacks carried out by the Chinese APT-41 group, which exploited vulnerabilities in Cisco, Zoho, and Citrix corporate tools, could have been averted, together with the mitigation effort they later demanded of cybersecurity teams, had the targeted organizations been armed with these technologies. This is because MDR provides a dedicated team that multiplies the security response and cyber resilience 24/7, every day of the year.
It aims to provide an immediate response that reduces incident detection and response times and, in the event of an intrusion, minimizes recovery time and any consequent damage. To achieve this, the technologies take a proactive approach to detecting any type of threat, whether known, unknown, or hidden, leveraging threat intelligence and the resources of a laboratory with experts in malware, evasion techniques, threat investigation, forensic analysis, and incident response. All this is made possible through the following:
- Threat hunting: This uses proactive searches and adversary analysis and applies threat intelligence and data analytics, combined with the knowledge and expertise of our experts.
- Threat investigation and detection: Monitoring and correlation of all events related to suspicious behavior based on threat intelligence and MITRE ATT&CK strategies.
- UEBA (User and Entity Behavior Analytics): Seeking out anomalous events by analyzing the behavior of users, applications, devices, and other entities in the organization.
- Data lake: A 365-day store of the telemetry recorded from an organization's endpoints and of the incidents detected.
- Threat intelligence: Monitoring and analyzing hundreds of external and internal sources, thanks to the Zero-Trust Application service and other detection technologies.
- Incident response: This provides an advanced remote service for immediate incident containment and response to minimize risk exposure and impact from the very first minute.
MDR combines, through a single platform, threat intelligence, advanced technologies, and AI with a team of cybersecurity experts. Thanks to all of this, it is possible to deliver fast and effective detection and response to cyberthreats that evade other security controls, and also to reduce the workload of in-house cybersecurity teams, thereby avoiding the errors caused by alert fatigue. For this reason, MDR is exactly the support that many CISOs need, especially in the current context, in which they are under mounting pressure given the increasing number and sophistication of threats.