Mar 15, 2022
Alert fatigue is a major problem in the cloud security industry, with security practitioners receiving hundreds of unprioritized alerts every day. Understanding which alerts need to be remediated, and in what order, is an extremely important yet tedious and time-consuming task.
The result is that cyber security teams are becoming overwhelmed – causing low morale, high turnover, and missed critical alerts.
In an effort to combat the problem, Orca Security commissioned a survey among 800+ IT security professionals in five countries (US, UK, France, Germany and Australia) and across ten industries (including financial services, healthcare, and technology) who are deploying applications on Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), Oracle Cloud, Alibaba Cloud, IBM Cloud, and other public cloud providers.
The Orca Security 2022 Cloud Security Alert Fatigue Report, the industry’s first security alert fatigue report focused on public cloud environments, discusses the results of the survey and shows the scale of the alert fatigue problem, its causes and impacts, and potential solutions.
The report includes global results with specific call-outs for each country as well as for the financial services and healthcare industries.
Alert fatigue happens when security professionals are exposed to a large number of often meaningless, unprioritized security alerts and consequently become overwhelmed. Alert fatigue is a common problem in IT security and is no different in public cloud security.
Like the story of ‘The Boy Who Cried Wolf’, if the number of meaningless and false positive alerts becomes too great, responders become desensitized, and alerts that actually do deserve attention get missed.
Orca’s survey showed that public cloud security alert fatigue is a widespread problem with far reaching consequences, including turnover and missed critical alerts:
Our results showed that the financial services industry is hit especially hard: 71% of financial services respondents receive more than 500 public cloud security alerts per day, 85% have more than 500 public cloud security alerts open, and 63% of security teams spend more than 20% of their time reviewing and prioritizing alerts each day.
As the research report shows, a high percentage of alerts are false positives or of low priority. Regardless of these common inaccuracies, teams must still address each alert as if it’s a true positive until they know otherwise.
However, if the vast majority of alerts are either inaccurate or just noise, responders will start ignoring alerts, which can have potentially disastrous consequences.
The majority of respondents use five or more public cloud security tools. The types of tools most used are network scanning tools (84%), followed closely by cloud platform native security tools (82%).
The Orca Security survey showed that the more tools are used, the higher the proportion of false positives and the worse the alert fatigue.
When multiple siloed tools are deployed, several of them often report the same underlying issue, each from its own perspective and in its own vocabulary, so security teams end up triaging the same problem more than once.
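The following is an added illustration of that duplication and of the correlation work it forces on a team; it is not Orca's code or anything from the report. A network scanner sees "port 22 open to the internet on 10.0.1.5" while a cloud-native tool sees "security group allows 0.0.0.0/0 on tcp/22 attached to i-0abc123"; both describe one exposure. Merging them requires an asset inventory that links the scanner's IP to the cloud resource ID. The alert formats, tool names, hostnames, instance IDs, rule names and the inventory below are all constructed for the example.

```python
"""Merge duplicate alerts that siloed tools raise for the same underlying issue.

Added illustration only. Every alert format, identifier and inventory entry
here is constructed for the example and does not come from any real tool.
"""
import json
from collections import defaultdict

# Constructed asset inventory: the private IP a network scanner reports on,
# mapped to the cloud resource ID a cloud-native tool reports on.
INVENTORY = {
    "10.0.1.5": "i-0abc123",
    "10.0.1.9": "i-0def456",
}

# Constructed alert feeds. Each tool describes the same exposure in its own terms.
NETWORK_SCANNER_ALERTS = [
    {"tool": "netscan", "host": "10.0.1.5", "port": 22, "proto": "tcp", "finding": "open-to-internet"},
    {"tool": "netscan", "host": "10.0.1.5", "port": 3389, "proto": "tcp", "finding": "open-to-internet"},
    {"tool": "netscan", "host": "10.0.1.9", "port": 22, "proto": "tcp", "finding": "open-to-internet"},
    # Host missing from the inventory: cannot be correlated, must stay visible as its own alert.
    {"tool": "netscan", "host": "10.0.2.77", "port": 22, "proto": "tcp", "finding": "open-to-internet"},
]
CLOUD_NATIVE_ALERTS = [
    {"tool": "cloudnative", "resource": "i-0abc123", "rule": "sg-allows-0.0.0.0/0", "port_range": "22-22", "protocol": "tcp"},
    {"tool": "cloudnative", "resource": "i-0abc123", "rule": "sg-allows-0.0.0.0/0", "port_range": "3389-3389", "protocol": "tcp"},
    {"tool": "cloudnative", "resource": "i-0def456", "rule": "sg-allows-0.0.0.0/0", "port_range": "22-22", "protocol": "tcp"},
    # A finding only the cloud-native tool can see; no scanner counterpart exists.
    {"tool": "cloudnative", "resource": "i-0def456", "rule": "imdsv1-enabled"},
]


def normalize_netscan(alert):
    """Map a scanner alert to a canonical (resource, issue) key, or None if the host is unknown."""
    resource = INVENTORY.get(alert["host"])
    if resource is None or alert["finding"] != "open-to-internet":
        return None
    return (resource, f"internet-exposed:{alert['proto']}/{alert['port']}")


def normalize_cloudnative(alert):
    """Map a cloud-native alert to the same canonical key space."""
    if alert["rule"] == "sg-allows-0.0.0.0/0":
        lo, hi = alert["port_range"].split("-")
        ports = lo if lo == hi else f"{lo}-{hi}"
        return (alert["resource"], f"internet-exposed:{alert['protocol']}/{ports}")
    # Rules with no network equivalent keep the tool's own rule name as the issue.
    return (alert["resource"], alert["rule"])


def merge_alerts(feeds):
    """Collapse alerts from several tools into one entry per (resource, issue).

    Alerts that cannot be mapped are kept under an "unmapped" key so that a
    gap in the inventory never silently drops a finding.
    """
    merged = defaultdict(lambda: {"sources": [], "evidence": []})
    for normalizer, alerts in feeds:
        for alert in alerts:
            key = normalizer(alert)
            if key is None:
                key = ("unmapped", json.dumps(alert, sort_keys=True))
            entry = merged[key]
            if alert["tool"] not in entry["sources"]:
                entry["sources"].append(alert["tool"])
            entry["evidence"].append(alert)
    return dict(merged)


def summarize(merged):
    """Count raw alerts, unique issues, and issues corroborated by more than one tool."""
    return {
        "raw": sum(len(e["evidence"]) for e in merged.values()),
        "unique": len(merged),
        "corroborated": sum(1 for e in merged.values() if len(e["sources"]) > 1),
    }


def run_example():
    return merge_alerts([
        (normalize_netscan, NETWORK_SCANNER_ALERTS),
        (normalize_cloudnative, CLOUD_NATIVE_ALERTS),
    ])


if __name__ == "__main__":
    merged = run_example()
    print(summarize(merged))
    for key, entry in merged.items():
        print(key, "reported by", entry["sources"])
```

With the constructed feeds, eight raw alerts collapse to five distinct issues, three of which are reported by both tools. The unmapped scanner alert is the caveat worth noting: correlation only removes duplicates for assets the inventory actually covers, and anything it cannot map has to be surfaced rather than discarded, or the deduplication itself becomes a way to miss an alert.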
Even though the survey respondents clearly indicate that their public cloud security alerts are lacking in accuracy, the vast majority say they feel confident in the accuracy of their security tools, and that they are satisfied with how their security tools prioritize risk.
Are we setting the bar too low for security?
Should we be demanding better risk prioritization to alleviate alert fatigue and become more effective in our security efforts?
To find out more and read about the key recommendations for addressing alert fatigue, download the Orca Security 2022 Cloud Security Alert Fatigue Report.