Ben Jarlett, senior application analyst at London Metropolitan University, tells CSO: “Security information and event management [SIEM] systems and extended detection and response [XDR] platforms can help, but they require proper tuning, regular updates, and skilled management to be effective.”
Jarlett adds: “In many cases, companies either underutilize these systems or face a barrage of false positives, which can obscure genuine threats and delay the identification of root causes.”
Lewis Duke, SecOps and threat intelligence lead at Trend Micro, believes consolidation of security tech stacks can help.
“Organizations are much better prepared when utilizing consolidated and correlated tooling to provide real context and remove operational overhead when it comes to investigation,” he says. “This is why we are seeing such an industry shift towards a platform-based security strategy that allows for faster, more effective IR [incident response], as well as obvious benefits around the cost and skills required to operate a reduced tech stack.”
Alert fatigue
Security monitoring systems can generate millions of alerts a day, overwhelming SOCs and making it harder to isolate genuinely malicious behavior from benign noise.
The high volume of false-positive alerts generated by many security systems creates an overwhelming “signal-to-noise” problem. “Analysts are often flooded with alerts, making it a daunting task to isolate genuine threats and determine their root causes,” says Logpoint’s Harpsøe.
Ultimately, addressing these challenges requires improved integration of detection tools, more effective prioritization of alerts, and a strategic emphasis on maintaining comprehensive visibility across all assets.
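The deduplication, correlation and prioritization that the section describes is easier to see in code than in prose. The following is an added example, not code from the article or from any vendor quoted in it; the alert feed is constructed, and the rule names, severity scale, time windows and scoring weights are assumptions chosen for illustration. It folds repeated alerts per (rule, entity), groups the survivors into per-entity incidents, and scores each incident so that one genuine attack chain on a workstation outranks a far larger volume of repetitive scanner noise:

```python
"""Alert correlation and prioritization over a constructed alert feed.

Added example (not from the article). Alert fields, rule names, severity
scale (1-5), windows and weights are illustrative assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample feed. A real day would have far more lines; this is
# enough to show repetitive noise beside one genuine multi-stage chain.
RAW_ALERTS = [
    # noise: a scanner tripping the same rule on a print server every 5 minutes
    *[{"ts": f"2024-05-01T09:{m:02d}:00", "rule": "port_scan", "severity": 2,
       "entity": "printsrv01"} for m in range(0, 50, 5)],
    # genuine chain on one workstation: phish -> macro -> credential dump -> lateral movement
    {"ts": "2024-05-01T10:02:00", "rule": "suspicious_attachment", "severity": 3, "entity": "ws-0417"},
    {"ts": "2024-05-01T10:03:10", "rule": "office_spawns_shell", "severity": 4, "entity": "ws-0417"},
    {"ts": "2024-05-01T10:03:15", "rule": "office_spawns_shell", "severity": 4, "entity": "ws-0417"},
    {"ts": "2024-05-01T10:05:00", "rule": "lsass_access", "severity": 5, "entity": "ws-0417"},
    {"ts": "2024-05-01T10:09:00", "rule": "lateral_smb_admin_share", "severity": 4, "entity": "ws-0417"},
    # an isolated low-severity event elsewhere
    {"ts": "2024-05-01T11:30:00", "rule": "failed_logon", "severity": 1, "entity": "ws-0901"},
]

# Rules known to fire constantly on their own (assumption); an incident made
# only of these is suppressed rather than escalated.
NOISY_RULES = {"port_scan", "failed_logon"}
DEDUP_WINDOW = timedelta(minutes=10)        # repeats closer than this are folded
CORRELATION_WINDOW = timedelta(minutes=30)  # a longer gap starts a new incident


def dedup(alerts):
    """Fold repeats of the same (rule, entity) arriving within DEDUP_WINDOW of
    the previous occurrence into one record carrying a count."""
    last = {}   # (rule, entity) -> (timestamp of last occurrence, kept record)
    kept = []
    for a in sorted(alerts, key=lambda a: a["ts"]):
        key = (a["rule"], a["entity"])
        t = datetime.fromisoformat(a["ts"])
        if key in last and t - last[key][0] < DEDUP_WINDOW:
            last[key][1]["count"] += 1
            last[key] = (t, last[key][1])
            continue
        rec = dict(a, count=1)
        kept.append(rec)
        last[key] = (t, rec)
    return kept


def correlate(alerts):
    """Group deduplicated alerts per entity into incidents, splitting when
    consecutive alerts are more than CORRELATION_WINDOW apart."""
    by_entity = defaultdict(list)
    for a in sorted(alerts, key=lambda a: a["ts"]):
        by_entity[a["entity"]].append(a)
    incidents = []
    for entity, items in by_entity.items():
        current, prev_t = None, None
        for a in items:
            t = datetime.fromisoformat(a["ts"])
            if current is None or t - prev_t > CORRELATION_WINDOW:
                current = {"entity": entity, "alerts": []}
                incidents.append(current)
            current["alerts"].append(a)
            prev_t = t
    return incidents


def score(incident):
    """Highest severity plus a bonus per additional distinct rule: several
    different detections on one entity are stronger evidence than one rule
    firing many times. Incidents consisting only of noisy rules score 0."""
    rules = {a["rule"] for a in incident["alerts"]}
    if rules <= NOISY_RULES:
        return 0
    max_sev = max(a["severity"] for a in incident["alerts"])
    return max_sev + 2 * (len(rules) - 1)


def priority(s):
    if s == 0:
        return "suppressed"
    return "P1" if s >= 8 else "P2" if s >= 4 else "P3"


def triage(raw_alerts):
    """Full pipeline: dedup -> correlate -> score, highest priority first."""
    incidents = correlate(dedup(raw_alerts))
    for inc in incidents:
        inc["rules"] = sorted({a["rule"] for a in inc["alerts"]})
        inc["raw_count"] = sum(a["count"] for a in inc["alerts"])
        inc["score"] = score(inc)
        inc["priority"] = priority(inc["score"])
    return sorted(incidents, key=lambda i: i["score"], reverse=True)


if __name__ == "__main__":
    for inc in triage(RAW_ALERTS):
        print(f"{inc['priority']:<10} {inc['entity']:<12} score={inc['score']:<3} "
              f"raw_alerts={inc['raw_count']:<3} rules={','.join(inc['rules'])}")
```

Sixteen raw alerts collapse to three incidents, and the workstation chain (five raw alerts, four distinct rules) lands at P1 while the print server's ten identical port-scan alerts are suppressed. Suppression here is a queue decision, not deletion: the folded counts stay on the record so the noisy rules can be tuned, and a noisy rule is still counted as corroboration once a non-noisy rule fires on the same entity.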
Corporate culture that undermines effective security strategy
Some organizations may not fully prioritize cybersecurity as part of their corporate culture, making it exceedingly challenging to uncover root causes.
“Despite recognizing the importance of security, many companies focus primarily on regulatory compliance, investing in cybersecurity tools to meet minimum standards without fostering a proactive security mindset,” says London Metropolitan University’s Jarlett.
Stephen McDermid, CSO for EMEA at Okta, argues that security leaders need to take the lead in forging an open and responsive corporate security culture.
“It’s the CSO’s responsibility to encourage people to make threats visible and escalate potential risks,” McDermid says. “If employees are fearful to raise issues and attempt to solve them alone, this may delay critical responses.”
Action plan
Companies can improve their resilience by investing in stronger cybersecurity measures, staff training, incident response planning, and detection and forensic capabilities.
“Focus on data breach prevention with tools such as vulnerability scanners and penetration testing that identify vulnerabilities and potential breaches before they hit,” OnSecurity’s O’Neill says.