Last week, we talked about vendor sprawl and a landscape of growing complexity in the number of tools and capabilities. Many IT departments and service providers run a suite of tools designed to detect and alarm on suspicious network and server activity. Every added toolset brings its own stream of alerts, creating an exponential increase in alert fatigue and in actions that must be followed up on.
Most solution vendors promote their product’s ability to cut through the noise, but they often fail to mention how many engineering hours it takes to tune and tweak the product before it delivers those results. In many cases, even good security products generate more alerts than an IT team can handle in stride.
As a given alert keeps firing and keeps turning out to be a false positive, it gets ignored in favor of newer, less familiar alerts. Over time, the older alerts are taken less seriously and may eventually be ignored altogether.
On top of that, a surplus of alerts brings the job of sorting and prioritizing them before they can even be investigated. More alerts mean more time spent managing and organizing the queue, and less time spent actually dealing with what is in it.
Our experience in the small and medium business (SMB) market is that many solutions are far too noisy to offer real protection to an organization at a reasonable cost. The sweet spot to seek out is a tool that can regularly capture suspicious and dangerous activities, while minimizing false positives.
Many customers think the cost of a solution is the price tag on the software, but that’s often a small part of the total cost of ownership. Poorly built and poorly implemented tools cost more to manage and/or leave large gaps in the analysis required to keep your environment safe.
We’ve demoed dozens of products to identify the best solutions for our clients’ needs. These tools are absolutely vital to having a robust IT security discipline, and we’ll continue to search for and implement the best solutions we can find. At the heart of every decision we make with our toolset is the ability to get alerted clearly and quickly to relevant events, without being buried under additional noise.