Here are five of our best moments from CISO Series Video Chat “Hacking Alert Fatigue: How to Manage What Seems to Be Unmanageable.”
Our guests for this discussion were:
HUGE thanks to our sponsor Sonrai Security
Best Bad Ideas
Congrats to Dutch Schwartz, principal security specialist, AWS for winning this week’s Best Bad Idea.
Other honorable mentions go to:
“Have your boss cc’d on all of the alerts that you receive. That way they will know how busy you are!” – Fred Gruhn, director, security + compliance, SMG – Service Management Group
“Build a Star Wars SOC room. Give your analysts an Atari stick controller and they have to shoot down alerts to survive.” – Dutch Schwartz, principal security specialist, AWS
“Play a drinking game with your colleagues based on alert counts and whoever loses is responsible for doing triage for the week.” – Neil Saltman, senior account executive, Anomali
“Work alerts on a first-in-first-out basis. Because if it’s happening now, it’s more critical than one that happened an hour ago.” – Jonathan Waldrop, senior director, cyber security, Insight Global
“A million monkeys with a million typewriters…. Every alert will be resolved.” – Larry Rosen, manager, security advisory, Avanade
“Add in business criticality to the alerts on top of the CVSS or other traditional scoring methods to show the true impact of the alerts.” – Greg Bales, information security manager, Haworth
“Let AI algorithms scan your alerts, correlate them automatically and continuously to meaningful grow stories and learn patterns from your response to learn out false positives. It is challenging to tune filters manually because it could be over tuned. An AI algorithm can validate via data continuously.” – Peter Luo, founder, engineer, DTonomy
Quotes from the chat room
“In reality, compartmentalize the alerts based on functions, delegate, and then let them monitor.” – Will Gregorian, head of security and technical operations, Rhino