Vlad Iliushin, a cybersecurity expert and CEO of ELLIO, participated in an interview with AMTSO (Anti-Malware Testing Standards Organization) to share his insights on the current challenges in cybersecurity.
In your eyes, what is the biggest challenge for the cyber security industry today?
Cybersecurity teams (and also IT teams, which were typically not structured to handle the current and escalating demands of cybersecurity) face many challenges every day. Choosing just one of these challenges would be difficult. However, what I perceive as a “ticking time bomb” is the issue of alert overload on cybersecurity teams. In an ecosystem where every single tool in use fights for the user’s attention, this constant surge of alerts greatly complicates the crucial task of accurately identifying and addressing serious targeted threats. Another big challenge I see is the increasing complexity and sophistication of cyberattacks, reflecting the relentless pace of this industry. Attacks are becoming more frequent and sophisticated, often surpassing the capabilities of traditional security measures, while generic automated attacks are more affordable and easier to set up than ever before. However, the battle in cyberspace is ongoing on all fronts.
I consider the problem of alert overload on cybersecurity teams as a ‘ticking time bomb.’
You see the issue of alert fatigue among cybersecurity teams as a ticking time bomb waiting to explode…
(laugh) Not so dramatically, but I certainly perceive the overwhelming number of alerts that cybersecurity professionals have to deal with on a daily basis as a problem. If you are someone with an inbox full of hundreds or even thousands of emails, each of which is urgent, you probably know the feeling. Now imagine that this inbox is refilled every single day, regardless of the circumstances. Most enterprises handle over 10,000 alerts per day, and approximately a quarter of security teams grapple with over 1 million alerts daily. In cybersecurity, you must balance the number of sensors with the severity of each one, having enough data to protect the company on one hand, and avoiding an excessive amount of data that overwhelms the cybersecurity team on the other.
How can this challenge be addressed/solved?
Well, cybersecurity is a never-ending soap opera of sorts. There is no one-size-fits-all solution to combat alert overload. This calls for a multi-faceted strategy. Firstly, prioritization is key. Not all alerts are created equal. Security teams must prioritize alerts based on the potential severity of the threat they pose, allowing the most critical issues to be addressed promptly. Next, alert consolidation is crucial. A multitude of alerts often stem from a single threat or attack. By grouping related alerts into a single incident, teams can significantly reduce the overall volume of alerts to manage. Third, automation. Utilizing automated processes to handle low-level threats or routine tasks can free up human analysts to focus on more complex or high-level threats. And finally, advanced technologies such as machine learning can also help to fine-tune threat detection and significantly reduce the number of false positives. That is why we, at ELLIO, are focused on cybersecurity automation, enabling the cybersecurity community to do their best work.
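The three mechanical steps named in the answer above (prioritize by severity, consolidate related alerts into one incident, hand routine low-severity work to automation) can be shown on a handful of alerts. The following is an added illustration, not code from the interview or from ELLIO: the alert records, field names (src, host, sig, sev), the ten-minute grouping window and the automation threshold are all constructed assumptions chosen for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample alerts (illustrative only, not real telemetry).
# Seven raw detections; several are repeats of the same thing.
SAMPLE_ALERTS = [
    {"ts": "2024-01-10T08:00:01", "src": "203.0.113.7",  "host": "web-01",      "sig": "port-scan",             "sev": 2},
    {"ts": "2024-01-10T08:00:09", "src": "203.0.113.7",  "host": "web-01",      "sig": "port-scan",             "sev": 2},
    {"ts": "2024-01-10T08:00:40", "src": "203.0.113.7",  "host": "web-01",      "sig": "port-scan",             "sev": 2},
    {"ts": "2024-01-10T08:03:00", "src": "198.51.100.2", "host": "db-01",       "sig": "sql-injection-attempt", "sev": 4},
    {"ts": "2024-01-10T08:03:10", "src": "198.51.100.2", "host": "db-01",       "sig": "sql-injection-attempt", "sev": 4},
    {"ts": "2024-01-10T09:30:00", "src": "203.0.113.7",  "host": "web-01",      "sig": "port-scan",             "sev": 2},
    {"ts": "2024-01-10T09:45:00", "src": "192.0.2.50",   "host": "hr-laptop-3", "sig": "credential-dumping",    "sev": 5},
]


@dataclass
class Incident:
    """One consolidated incident: many alerts, one unit of work for the team."""
    src: str
    host: str
    sig: str
    severity: int          # highest severity seen among the merged alerts
    first_seen: datetime
    last_seen: datetime
    count: int = 1         # how many raw alerts were folded into this incident


def consolidate(alerts, window=timedelta(minutes=10)):
    """Step 2 of the answer: merge alerts that share (source, host, signature)
    and arrive within `window` of the incident's last alert into one incident.
    A quiet gap longer than `window` starts a fresh incident for the same key."""
    incidents = []
    latest_for_key = {}  # (src, host, sig) -> most recent Incident with that key
    for a in sorted(alerts, key=lambda a: a["ts"]):  # ISO timestamps sort lexically
        key = (a["src"], a["host"], a["sig"])
        ts = datetime.fromisoformat(a["ts"])
        inc = latest_for_key.get(key)
        if inc is not None and ts - inc.last_seen <= window:
            inc.count += 1
            inc.last_seen = ts
            inc.severity = max(inc.severity, a["sev"])
        else:
            inc = Incident(*key, a["sev"], ts, ts)
            incidents.append(inc)
            latest_for_key[key] = inc
    return incidents


def prioritize(incidents):
    """Step 1 of the answer: most severe first; among equals, the noisiest
    (largest count) first, then the older one."""
    return sorted(incidents, key=lambda i: (-i.severity, -i.count, i.first_seen))


def route(incidents, auto_threshold=2):
    """Step 3 of the answer: low-severity, routine incidents go to an automated
    playbook queue; everything above the threshold goes to a human analyst."""
    queues = {"analyst": [], "automated": []}
    for inc in incidents:
        lane = "automated" if inc.severity <= auto_threshold else "analyst"
        queues[lane].append(inc)
    return queues


def triage(alerts, window=timedelta(minutes=10), auto_threshold=2):
    """Full pipeline: raw alerts -> consolidated incidents -> prioritized -> routed."""
    return route(prioritize(consolidate(alerts, window)), auto_threshold)


if __name__ == "__main__":
    queues = triage(SAMPLE_ALERTS)
    for lane, incs in queues.items():
        print(f"{lane}: {len(incs)} incident(s)")
        for inc in incs:
            print(f"  sev={inc.severity} x{inc.count} {inc.sig} {inc.src} -> {inc.host}")
```

On the constructed input, seven raw alerts collapse to four incidents: the three port-scan alerts within forty seconds merge, the later port-scan alert at 09:30 starts a new incident because the gap exceeds the window, the two SQL-injection attempts merge, and the credential-dumping alert stands alone. Only the two high-severity incidents reach the analyst queue. The window length and threshold are the two knobs the interview alludes to when it talks about balancing the number of sensors against the load on the team; tuning them per signature is where the real work lies.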
In the battle against alert overload and alert fatigue, ELLIO offers a unique suite of tools designed to streamline security operations, combat alert fatigue, and conserve resources.
ELLIO: Virtual SOC Analyst cuts SIEM events and SOAR alerts highly accurately and in real-time.
With its insights into generic attacks, opportunistic exploitation, and scanning, ELLIO equips cybersecurity teams with actionable intelligence, ensuring they focus their efforts on serious threats rather than wasting their time and resources on generic cybernoise. Through its network of honeypots, proactive scanning, and machine learning-driven dynamic firewall threat lists, ELLIO reduces the volume of perimeter events entering SIEM and alerts generated by SOAR that require human intervention by an impressive 40%.
Struggling with alert fatigue every day? Want to optimize your SOC team’s performance and get the most out of your SIEM and SOAR solutions?
Reach out to us at [email protected].
More information about ELLIO: Virtual SOC Analyst:
https://ellio.tech/automation-for-siem-soar
For the complete interview, please visit the AMTSO News Room here.