🔍 How do you determine the value of your countermeasures? How do you combat alert fatigue? Shira Rubinoff and Clay Moody discuss this and more: https://www.youtube.com/watch?v=njrDQcX8cLU
#XDR #ThreatHunting #IncidentResponse #AlertFatigue #Alerts #Cybersecurity #Tech
Just Posted: The article discusses how Forescout XDR helps alleviate alert fatigue in security operations centers by filtering out unnecessary noise, providing actionable notifications, and improving efficiency for SOC analysts. #AlertFatigue #ForescoutXDR #SOC #Cybersecurity #Eff
https://gestaltit.com/exclusive/sulagna/beating-the-alert-burnout-with-forescout-xdr/
#Exclusive #ForescoutXDR #TFD20 #XDR
insight from my morning reading -> Mitigating Medical Alarm Fatigue with Cognitive Heuristics
Tool: We can learn your LoB apps, just let us know when an alert is generated from one.
Me: <Constantly clicks on this is LoB for the alerts they generate>
Tool: <still alerts on the LoB apps>
Fuck your machine learning and "AI" crap and just give me a simple way to exclude things FFS.
#Infosec #EDR #BlueTeam #AlertFatigue
@BreakingBadness @ColonelPanic @TheGamblingBird Very much enjoyed this interview and the time you all spent discussing #AlertFatigue with #SOC analysts. Thank you all for this content.
The #OpenSSL situation seems to be giving people the wrong lessons.
We should be clear - the openssl org did everything right. It appeared this could be very serious, and they gave us time to prepare. While doing that they kept looking at the severity and brought in outside assistance to determine the risk.
They didn't cry wolf - their understanding changed as more knowledge of the vulnerability came in. This is how things are supposed to work. They wanted to prepare people for what - at the time - could be devastating. Keep in mind, they've only ever had one vulnerability they've deemed critical since they started rating their vulnerabilities.
People are yelling "alert fatigue". OpenSSL didn't cause that. It was one alert, about what was then broken into two vulnerabilities. If you feel that it's alert fatigue, then you're following the wrong information sources. The fatigue is a feeling derived from inputs. Adjust your inputs.
I deal with vuln management and risk rating the vulns as part of my job at an org. I would prefer a more steady-handed approach from my other vendors the way OpenSSL approached this. I have to chase down and argue with most vendors about things, and they only change things in the background and never acknowledge my pushback. OpenSSL did the right thing themselves.
If you felt alert fatigue, your best option is to review your processes around vulnerability management re: vulnerability disclosure. Build out run sheets of procedures, so that when this happens, the teams are ready to go.
First step of incident response is preparation.
#openssl #alertfatigue #infosec
#alertfatigue
Industry Report: The True Costs of False Positives in Software Security
https://mergebase.com/blog/false-positives-software-security/
It’s Time for Your SOC to Level Up - Artificial intelligence can provide manpower, context and risk assessment. more: https://threatpost.com/its-time-for-your-soc-to-level-up/151343/ #securityoperationscenter #criticalinfrastructure #artificialintelligence #workforceshortage #vulnerabilities #infosecinsider #mobilesecurity #riskassessment #cloudsecurity #alertfatigue #websecurity #guaravbanga #benefits #malware #breach #balbix #iot #ai