What if We Saw an End to Alert Fatigue?
Blog Article Published: 12/16/2021
This blog was originally published by Secberus here.
Written by Fausto Lendeborg, Secberus.
When a violation occurs, the alert isn’t a warning to investigate; it’s a warning to remediate. The challenge is knowing which alerts are the true violations. Enterprises should be less concerned with reducing the alerts they receive and more concerned with the precision with which they address those alerts.
Alert fatigue is not necessarily the result of a lack of guardrails within your infrastructure deployment; it is the result of too many false positives. And it’s a problem that continuous automated risk and trust assessment (CARTA) technology can help fix. CARTA technology empowers your security leaders, such as cloud security architects, with policies that are adaptable, customizable, and scalable. This gives your security leaders a high level of alert specificity, accompanied by near-zero false positives. This is a big deal. When a violation occurs, the alert isn’t a warning to investigate; it’s a warning to remediate. Enterprises should be less concerned with early alerting and more concerned with precision.
And there’s proof that this is a needed solution in the cybersecurity industry. According to ShiftLeft, the Cloud Security Posture Management (CSPM) industry average for false-positive alerts is 45%. Enterprises with multi-cloud infrastructures can generate hundreds to thousands of alerts a day. And security engineers can spend the equivalent of one day’s worth of work for every 32 false positives. This is also a big deal.
Inevitably, enterprises find themselves hiring more security engineers to manage a CSPM that is essentially operating as a SOC. An enterprise should not be hiring security engineers to sort through alerts. They should be hiring them to set and enforce controls on their infrastructure so the company can be confident in their security at the speed and scale of their business.
And if they leveraged CARTA technology, they’d have the ability to eliminate false positives and alert fatigue, and hire security engineers for the right reasons.
Let’s take this one step further. There’s an additional level of maturity that you can apply to CARTA technology. When the CARTA technology is paired with a policy-first CSPM, the policy, rather than the resource, becomes the single source of truth. And so the burden of responsibility is transferred to a policy that is not dependent on any one resource. This combination, a CARTA-enabled CSPM, also provides adaptability and context-aware policy. This policy enables the author to specify how, where, and to what it should apply (including both pre-deployment and production environments). By adding this functionality, your CSPM becomes more about governance than management. This is an important elevation.
The specificity of the added functionality is what will lead to drastically, if not totally, reduced false positives. The ability to adapt and provide context-aware data to any policy is a better experience in almost every way than having to use (and work around) generic policies. One big advantage, for example, is that generic policies do not sufficiently adapt to the metadata in the configuration payload the way context-aware policies can.
So, what if we saw an end to alert fatigue? Then,
- Orchestration becomes more about remediation than investigation, giving your security engineers the time to focus on what matters to the business.
- Enterprise organizations are able to shift dependency away from any single resource to adaptable, scalable policy.
- Security teams gain transparency and knowledge by attaching context-aware data to any policy.
- Security strategy is enabled from the top down, shifting the strategy from an engineer focus to a business focus. In other words, from using a CSPM to applying cloud governance.
It’s time for enterprises to adopt new technologies and move towards a governance solution, such as a CARTA-enabled CSPM, if we are going to end alert fatigue and get back to doing business.
Want to keep reading about this? CSPM is central to governing your risk and compliance infrastructure. But a CSPM alone is not enough. That’s why we talk about the need for a cloud governance security platform: a platform that couples policy and perspective to give enterprise organizations the most adaptable and scalable way to manage risk, compliance and operations. Read more about how to define cloud governance here.