Secureworks · @Secureworks
23 followers · 39 posts · Server ioc.exchange

🔍 How do you determine the value of your countermeasures? How do you combat alert fatigue? Shira Rubinoff and Clay Moody discuss this and more: youtube.com/watch?v=njrDQcX8cL

#xdr #threathunting #incidentresponse #alertfatigue #alerts #cybersecurity #tech

Last updated 1 year ago

Gestalt IT · @GestaltIT
113 followers · 810 posts · Server techfieldday.net

Just Posted: The article discusses how Forescout XDR helps alleviate alert fatigue in security operations centers by filtering out unnecessary noise, providing actionable notifications, and improving efficiency for SOC analysts.
gestaltit.com/exclusive/sulagn

#alertfatigue #forescoutxdr #soc #cybersecurity #eff #exclusive #tfd20 #xdr

Last updated 1 year ago

paigerduty · @paigerduty
422 followers · 250 posts · Server hachyderm.io

Tool: We can learn your LoB apps, just let us know when an alert is generated from one.
Me: <Constantly clicks on this is LoB for the alerts they generate>
Tool: <still alerts on the LoB apps>

Fuck your machine learning and "AI" crap and just give me a simple way to exclude things FFS.

#infosec #edr #blueteam #alertfatigue

Last updated 2 years ago

Vern McCandlish · @malanalysis
759 followers · 493 posts · Server infosec.exchange

@BreakingBadness @ColonelPanic @TheGamblingBird Very much enjoyed this interview and the time you all spent discussing with analysts. Thank you all for this content.

#alertfatigue #soc

Last updated 2 years ago

Eddie. · @infoseclogger
306 followers · 120 posts · Server infosec.exchange

The situation seems to be giving people the wrong lessons.

We should be clear - the OpenSSL org did everything right. It appeared this could be very serious, and they gave us time to prepare. While doing that they kept looking at the severity and brought in outside assistance to determine the risk.

They didn't cry wolf - their understanding changed as more knowledge of the vulnerability came in. This is how things are supposed to work. They wanted to prepare people for what - at the time - could be devastating. Keep in mind, they've only ever had one vulnerability they've deemed critical since they started rating their vulnerabilities.

People are yelling "alert fatigue". OpenSSL didn't cause that. It was one alert, about what was then broken into two vulnerabilities. If you feel that it's alert fatigue, then you're following the wrong information sources. The fatigue is a feeling derived from inputs. Adjust your inputs.

I deal with vuln management and risk rating the vulns as part of my job at an org. I would prefer a more steady handed approach from my other vendors the way OpenSSL approached this. I have to chase down and argue with most vendors about things, and they only change things in the background and never acknowledge my pushback. OpenSSL did the right thing themselves.

If you felt alert fatigue, your best option is to review your processes around vulnerability management re: vulnerability disclosure. Build out run sheets of procedures, so that when this happens, the teams are ready to go.

First step of incident response is preparation.

#openssl #alertfatigue #infosec

Last updated 2 years ago

MathieuB · @MathieuB
28 followers · 484 posts · Server mastodon.xyz

Industry Report: The True Costs of False Positives in Software Security
mergebase.com/blog/false-posit

#alertfatigue

Last updated 2 years ago

ITSEC News · @itsecbot
687 followers · 32461 posts · Server schleuss.online