Cyber security is in the midst of a paradigm shift. Targeted attacks are outmaneuvering the prevention and detection mechanisms that companies have in place. Signature-based endpoint protection struggles to detect fileless attacks, which are characterized by their behavior and their abuse of legitimate OS tools (so-called living-off-the-land techniques) rather than by a malicious program being written to disk. Detection technologies certainly detect suspicious events, but too often they fail to separate critical incidents from the noise, generating overwhelming numbers of alerts that have no hope of being processed.
According to a 2017 EMA study [1], 79% of security teams reported being overwhelmed by high numbers of threat alerts. And it's no wonder: a study by Ovum, for example, found that 37% of banks receive more than 200,000 alerts per day, and 61% receive over 100,000 [2]. The Ponemon Institute reports that nearly half of all security alerts are false positives [3]. Of the rest, a large share is inconsequential and easily remedied. Able to examine only a tiny fraction of the alerts raised each day, overstretched security teams are forced to let the majority go without attention. Teams are left frustrated. EMA found that 52% of operations personnel feel high levels of stress, with 21% of them naming "not enough manpower" as a stress driver [1]. The cyber security skills shortage itself is well documented: a 2017 ESG/ISSA study found it worsening and affecting 70% of organizations.
Despite cyber security being high in our collective awareness, companies are still struggling with breaches. The average breach dwell time, the interval between initial compromise and detection, is reported to be 100 days or more, depending on the industry and study [3]. Companies are still being caught off guard by breaches that expose their networks and their customers. All the while, the intruders carry on, concealed by a sea of alerts.