
Alert overload and false positives still plague the cybersecurity industry


One of the biggest hindrances for cybersecurity practitioners everywhere is alert overload, a problem that was only exacerbated in 2020, according to a new report from CRITICALSTART.

Compared to 2019, 12 percent more IT pros now investigate between 10 and 20 alerts every day. The number of IT pros that investigate anywhere between 21 and 40 alerts a day also grew by 14 percent.

In many cases, the alerts are false positives. For the majority of the respondents, anywhere between 25 and 75 percent of alerts investigated turn out to be false positives.

To try to minimize the number of false alarms, almost half of SOC pros turn off high-volume alerting features, especially when there are too many alerts to go through. This could result in the investigators missing legitimate issues.

Investigating the impact of Covid-19 on alert management, CRITICALSTART found that the pandemic only made the situation worse. For the majority of SOC professionals, alerts have increased in numbers since March 2020.

To improve the situation, most businesses are organizing additional education and training. The report found that almost all (95 percent) of SOC pros receive more than 10 hours of training each year.

Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years' experience writing technology-focussed news, blogs, whitepapers, reviews, and ebooks. His work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.