
Drowning In Data – The Event Fatigue Problem

by Smokescreen Team

Modern security systems generate a flood of alerts and logs for security teams to look at, and the result is event fatigue. They’ve become like email inboxes. You start with a clean slate, but over time you keep receiving emails you don’t want. Before you know it, you’ve stopped looking at most of them, making it highly probable that you’ll miss something important. Unbelievably, it’s considered perfectly ‘normal’ for a security solution to generate hundreds or thousands of alerts for the hapless defender to sift through. Approaches such as machine learning and correlation are supposed to help, but in practice they only make post-mortem analysis easier.

‘Event fatigue’ is a real concern. It doesn’t even surprise seasoned security professionals to find that the alerts from monitoring systems are ignored, or worse, disabled, often in the name of ‘tuning’ the system.

The consequences? Public information has it that Target Corp’s anti-malware solution faithfully raised alerts about a possible malicious binary; those alerts were ignored.

Only after an analyst has waded through the log data, analysed the events, and removed the false positives can they deal with the actual threats.

In practice, this process rarely happens at all because it’s so expensive and time-consuming. Nobody has the time to proactively convert gigabytes of data into meaningful information. It only happens after an incident occurs.

Is there a better way? Why not design systems that only alert when something meaningful truly happens? When the event is the anomaly, you save time, money, and can actually get around to dealing with real threats.

This is one of the primary benefits of decoy-based systems. No legitimate user or process has any reason to touch a decoy, so by definition any traffic to it is malicious, and any event it raises is an alert that requires your attention.

We’ve all tried the old way. It didn’t work. It’s time for something better.
