Fighting Alert Fatigue - Automated Investigations
18 July 2016

Gone are the days when cyber security mainly meant password protection and trusted anti-virus software. As marvellous as the Internet is today, having access to information at the speed of light also creates a high risk of security threats from virtually any source. Being proactive in monitoring threats is key, but this means that analysts must stay alert at all times to detect and respond to these threats efficiently.

But what happens when alert fatigue gets in the way? Imagine being overloaded with information to analyse for extended periods of time, and also having to detect and respond to every possible threat quickly. Sounds like too much? Because it is.

Alert fatigue often leads to security breaches, low productivity, and slow response to detected threats. This is why more analysts are turning to automated threat-monitoring as a solution to cyber security.

Here are four key benefits of Automated Investigation:

1. Eliminate Human Error and Increase Productivity

Automated investigations do not just follow a playbook with a fixed set of rules. Instead, they simulate human intelligence by collecting evidence from multiple sources to extract alerts, or leads, and then build theories around these leads while checking back with more evidence. By automating threat monitoring as much as possible, analysts can then focus on maintaining and increasing productivity on the whole.

2. Collecting Correct Information Fast

Precision is key when dealing with complex threat detection. A thorough understanding of the security situation across all breach channels and throughout the organisation is required. Just as a human would, automated investigations use different sensors which interact with each other and cross-refer to make sense of a situation more accurately.

3. Turning Leads into Intelligence

Using the right data model and simplified visual representations, automated investigations turn many leads and evidence into actionable intelligence. Data collected is turned into information that can be easily understood by analysts in terms of context, relationships and the next steps required to avert a crisis.

4. Combining Detection with Forensics

Usually, detection happens only after forensics have been applied, but because forensic tools tend to be difficult to use, evidence is sidelined until an expert can look at it. With automation, forensic data is collected proactively and continuously to confirm or refute each lead. The forensic data is then presented as part of a complete storyline that is easily understood by analysts, regardless of their level of expertise.

An Automated Solution

StarHub's Cyber Threat Monitoring (CTM) service accelerates the investigation process by automatically relating and aggregating malicious activities or alerts into incidents. This feature significantly reduces the effort required by analysts to go through and make sense of every alert flagged by the system. With a shorter time to flag true positives, enterprises can take mitigation steps much earlier than with a non-automated approach.
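As an added illustration of the aggregation idea described above (this is not StarHub's CTM code and was not part of the original post), the following Python groups constructed sample alerts into incidents by shared host within a time window, ranks each incident by how many independent sensors corroborate it, and prints a storyline per incident; the alert records, the 15-minute window and the scoring rule are all assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample alerts (not real telemetry): (timestamp, sensor, entity, detail).
SAMPLE_ALERTS = [
    ("2016-07-18T09:00:05", "ids", "host-42", "outbound connection to known C2 domain"),
    ("2016-07-18T09:00:40", "edr", "host-42", "suspicious powershell child of winword.exe"),
    ("2016-07-18T09:02:10", "proxy", "host-42", "download of executable from rare domain"),
    ("2016-07-18T09:30:00", "ids", "host-17", "port scan from internal host"),
    ("2016-07-18T11:45:00", "edr", "host-42", "new scheduled task created"),
]

def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%S")

def aggregate_incidents(alerts, window=timedelta(minutes=15)):
    """Group alerts into incidents: same entity, each alert within `window` of the previous one.
    Returns incidents sorted by start time; each has entity, start, end, sources and timeline."""
    by_entity = defaultdict(list)
    for ts, source, entity, detail in sorted(alerts, key=lambda a: a[0]):
        by_entity[entity].append((parse_ts(ts), source, detail))
    incidents = []
    for entity, events in by_entity.items():
        current = None
        for ts, source, detail in events:
            if current is None or ts - current["end"] > window:   # gap too large: new incident
                current = {"entity": entity, "start": ts, "end": ts, "sources": set(), "timeline": []}
                incidents.append(current)
            current["end"] = ts
            current["sources"].add(source)
            current["timeline"].append((ts, source, detail))
    return sorted(incidents, key=lambda i: i["start"])

def score(incident):
    """Assumed lead score: independent sensors corroborating one entity weigh more than alert count."""
    return len(incident["sources"]) * 10 + len(incident["timeline"])

def storyline(incident):
    """Render one incident as a compact, analyst-readable timeline."""
    header = (f"{incident['entity']}: {len(incident['timeline'])} alerts from "
              f"{sorted(incident['sources'])} ({incident['start']:%H:%M} - {incident['end']:%H:%M}), "
              f"score {score(incident)}")
    lines = [header] + [f"  {ts:%H:%M:%S} [{src}] {detail}" for ts, src, detail in incident["timeline"]]
    return "\n".join(lines)

if __name__ == "__main__":
    for inc in sorted(aggregate_incidents(SAMPLE_ALERTS), key=score, reverse=True):
        print(storyline(inc))
```

With the sample data, five alerts collapse into three incidents, and the host-42 cluster seen by three sensors ranks first.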
