Countering Threat Data Overload: The Importance of Curation

Today’s cybersecurity professionals are faced with the enormous challenge of navigating an increasingly complex threat landscape. The mass shift to a digital-first model amid the global pandemic has led to a number of new security issues for organizations. As malicious actors continue to exploit the crisis and, in turn, the transition to remote working, cyber-attacks are rising steeply across the board.

With DDoS attacks growing by 151% since January, and other threats such as phishing scams and ransomware increasing dramatically, security teams are under more pressure than ever to get cybersecurity right.

Undoubtedly, the last year has put even more strain on an already understaffed field – and this has been made more difficult by the problem of alert fatigue. Teams are struggling to separate the important information from the noise, amongst a barrage of threat data and tools which generate false positives.

The potential consequences are twofold: employee burnout on the one hand, and the risk of overlooking a genuine threat on the other. Alert fatigue therefore needs urgent attention, including a tangible solution for countering threat data overload.

Alert fatigue and increasing stress

Working in stretched teams and defending against a rising number of threats is taking its toll on cybersecurity professionals. A recent report revealed that 29% have either experienced significant personal issues, as a result of cybersecurity job stress, or they know someone who has.

The industry is also facing an uphill battle to attract and retain qualified cybersecurity talent: 48% of businesses in the UK have a basic cybersecurity skills gap, leaving teams overworked and costing employers time and money to find individuals with the right skillsets. Given this current picture, it should be a key business priority to help employees avoid burnout.

One key factor adding to this stress is alert fatigue. This year, the Neustar International Security Council (NISC) found that more than 25% of security alerts are false positives. In addition, according to a Cloud Security Alliance report, 32% of cybersecurity professionals admitted to ignoring alerts because so many were incorrectly flagged as positive, while 40% said the alerts they receive lacked actionable intelligence to investigate them properly.

Ultimately, alert fatigue results in inefficiencies, low levels of job satisfaction and a greater risk of being breached.

The current patchwork of tools is not effective

A large reason for this alert fatigue is the patchwork of tools involved in threat monitoring. To combat cyber-attacks, many businesses have deployed more and more security tools. In fact, the NISC research found that two-fifths of organizations have seven or more tools in place, all of which generate security alerts.

Whilst well intentioned, many of these tools fail to contextualize potential threats; they simply produce vast quantities of raw, generic data that must then be analyzed.

To avoid alert fatigue, and effectively defend against cyberattacks, enterprises need to have access to security threat data that is timely, actionable, and contextual to their industry and business. Ultimately, this data needs to provide the right insights into what is happening on their networks.

Curated, actionable threat data

One way to improve the quality of security data is by using a data curator. A data curator combines insights from all four types of threat intelligence: tactical, operational, strategic and technical. It is informed by a wide view of global networks, combined with behavioral analysis and pattern-based research.

This machine-readable threat data can be fed straight into an organization’s existing analytics platforms. Rather than adding another tool to the patchwork, then, it ensures the data those tools receive is more relevant and useful.

A data curator also allows teams to minimize risks such as spam and phishing attempts, strengthen brand protection by monitoring suspicious web traffic, and safeguard against activities such as suspicious DNS tunneling attempts. Further benefits include the ability to block threats at the network and application layer; alerts that flag real rather than false positives; less time spent investigating false positives; and shorter dwell times for intrusions, speeding up detection and remediation.
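To make the curation idea above concrete, here is a small added example (not code from the article or from any vendor it describes) of the kind of pass a curated, machine-readable feed enables: raw alerts from several tools are matched against a feed that carries context (threat type, confidence, which intelligence types informed the entry), duplicates across tools are merged so corroboration raises priority, and alerts with no context or low confidence are set aside for a low-priority queue instead of landing in the analyst's main view. The feed entries, alert lines, field names and the 50-point confidence threshold are all constructed for illustration.

```python
"""Added example (not the article's own code): a minimal alert-curation pass
that enriches raw tool alerts with a curated, machine-readable threat feed,
merges duplicates across tools, and keeps only alerts that carry enough
context to act on. Feed entries, alerts and thresholds are constructed."""
from dataclasses import dataclass, field

# Constructed curated feed: indicator -> context a curator would supply.
# Confidence is 0-100; 'intel' records which of the four intelligence types
# (tactical, operational, strategic, technical) informed the entry.
CURATED_FEED = {
    "203.0.113.7": {"type": "ip", "confidence": 90, "threat": "dns-tunneling",
                    "intel": ["technical", "operational"]},
    "bad-login.example": {"type": "domain", "confidence": 85, "threat": "phishing",
                          "intel": ["tactical", "technical"]},
    "198.51.100.22": {"type": "ip", "confidence": 30, "threat": "scanner",
                      "intel": ["technical"]},
}

# Constructed raw alerts as emitted by several tools (the "patchwork").
RAW_ALERTS = [
    {"tool": "firewall", "indicator": "203.0.113.7", "event": "outbound txt-record burst"},
    {"tool": "dns", "indicator": "203.0.113.7", "event": "long subdomain queries"},
    {"tool": "proxy", "indicator": "bad-login.example", "event": "credential form post"},
    {"tool": "ids", "indicator": "198.51.100.22", "event": "port sweep"},
    {"tool": "ids", "indicator": "192.0.2.55", "event": "generic signature hit"},
    {"tool": "proxy", "indicator": "192.0.2.55", "event": "generic signature hit"},
]

MIN_CONFIDENCE = 50  # constructed threshold: below this, the feed context is too weak to act on


@dataclass
class CuratedAlert:
    indicator: str
    threat: str
    confidence: int
    sources: list = field(default_factory=list)
    events: list = field(default_factory=list)
    intel: list = field(default_factory=list)

    @property
    def priority(self):
        # Independent corroboration (more than one tool seeing the same
        # indicator) raises priority; capped at 100.
        return min(100, self.confidence + 10 * (len(self.sources) - 1))


def curate(raw_alerts, feed, min_confidence=MIN_CONFIDENCE):
    """Return (actionable, deferred).

    actionable: one CuratedAlert per indicator, enriched with feed context,
                merged across tools, sorted by priority (highest first).
    deferred:   raw alerts with no feed context or low confidence; these are
                routed to a low-priority queue rather than discarded.
    """
    merged = {}
    deferred = []
    for alert in raw_alerts:
        ctx = feed.get(alert["indicator"])
        if ctx is None or ctx["confidence"] < min_confidence:
            deferred.append(alert)
            continue
        curated = merged.setdefault(
            alert["indicator"],
            CuratedAlert(alert["indicator"], ctx["threat"], ctx["confidence"],
                         intel=list(ctx["intel"])),
        )
        if alert["tool"] not in curated.sources:
            curated.sources.append(alert["tool"])
        curated.events.append(alert["event"])
    actionable = sorted(merged.values(), key=lambda c: c.priority, reverse=True)
    return actionable, deferred


if __name__ == "__main__":
    actionable, deferred = curate(RAW_ALERTS, CURATED_FEED)
    print(f"{len(RAW_ALERTS)} raw alerts -> {len(actionable)} actionable, {len(deferred)} deferred")
    for c in actionable:
        print(f"[{c.priority:3}] {c.indicator:20} {c.threat:14} via {', '.join(c.sources)}")
```

On the constructed input, six raw alerts collapse to two actionable items: the DNS-tunneling indicator seen by both the firewall and the DNS sensor rises to the top, the phishing domain follows, and the three alerts that the feed cannot contextualize go to the deferred queue where they can be reviewed in bulk rather than interrupting the analyst. The point is not the particular numbers but the shape of the pipeline: context and corroboration, not raw volume, decide what an analyst sees first.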

Curated threat data also enables cybersecurity teams to use their expertise where it is most needed, and of greatest value to the business. This way, they can have more time to investigate the most concerning and unusual threats, without being constantly distracted by junk alerts. Essentially, the solution ensures enterprises make the most of their highly skilled cybersecurity staff, boosting job satisfaction as a result.

The future of threat intelligence

As malicious actors constantly evolve their techniques, and gain more opportunity as screen time grows, enterprises must ensure they have a way to reduce the volume of threat data without losing its accuracy. To ensure always-on protection against cyber-attacks, and to retain valuable cybersecurity staff, they should look to the future of threat intelligence: data curation.
