Five best moments from “Hacking Alert Fatigue” – CISO Series Video Chat

Here are five of our best moments from CISO Series Video Chat “Hacking Alert Fatigue: How to Manage What Seems to Be Unmanageable.”

Our guests for this discussion were:

HUGE thanks to our sponsor Sonrai Security

Best Bad Ideas

Congrats to Dutch Schwartz, principal security specialist, AWS, for winning this week’s Best Bad Idea.

Other honorable mentions go to:

“Have your boss cc’d on all of the alerts that you receive. That way they will know how busy you are!” – Fred Gruhn, director, security + compliance, SMG – Service Management Group

“Build a Star Wars SOC room. Give your analysts an Atari stick controller and they have to shoot down alerts to survive.” – Dutch Schwartz, principal security specialist, AWS

“Play a drinking game with your colleagues based on alert counts and whoever loses is responsible for doing triage for the week.” – Neil Saltman, senior account executive, Anomali

“Work alerts on a first-in-first-out basis. Because if it’s happening now, it’s more critical than one that happened an hour ago.” – Jonathan Waldrop, senior director, cyber security, Insight Global

“A million monkeys with a million typewriters…. Every alert will be resolved.” – Larry Rosen, manager, security advisory, Avanade

Good Ideas

“Add in business criticality to the alerts on top of the CVSS or other traditional scoring methods to show the true impact of the alerts.” – Greg Bales, information security manager, Haworth

“Let AI algorithms scan your alerts, correlate them automatically and continuously to meaningful grow stories and learn patterns from your response to learn out false positives. It is challenging to tune filters manually because it could be overtuned. An AI algorithm can validate via data continuously.” – Peter Luo, founder, engineer, DTonomy

Quotes from the chat room

“In reality, compartmentalize the alerts based on functions, delegate, and then let them monitor.” – Will Gregorian, head of security and technical operations, Rhino