- Global organizations are using too many security monitoring tools at the same time, leaving security teams vulnerable to alert fatigue and the increased risk of missing a legitimate cyberattack, according to research from Trend Micro International.
- Organizations are employing 29 different security monitoring tools on average, with large organizations — those with more than 10,000 employees — using an average of 46 different tools, according to the report. The study is based on a survey of 2,303 IT security decision makers located across 21 countries.
- About 51% of those surveyed said they have stopped using some of the tools because of a lack of integration or skilled professionals, and difficulty understanding how to operationalize the tools, among other reasons.
The fallout from what Trend Micro calls "cybersecurity tool sprawl" is that different tools may report the same particular incident in different ways, leaving the security operations team confused as to which tool to believe.
"This typically happens [when], say an endpoint might report an outbound connection as warning [of] destination isn't fully known, but a network sensor may report the same event as critical due to a number of reasons such as protocol abnormality, malformed packets, etc.," according to Bharat Mistry, technical director, UK at Trend Micro. "From an [operations] point of view, which alert do you believe and do you wind up spending time and energy on something that could have been a false positive?"
The risk of false positives is a serious one, according to Mistry. Independent research has shown security teams can take up to 190 days to detect a breach and another 60 days to contain a breach, Mistry said.
The report advances previous research on the impact of alert fatigue. Previous data from IDC and FireEye showed that one-third of analysts ignored security alerts.
Another growing concern is that sophisticated threat actors are turning everyday IT tools into weapons against a corporate environment, making them harder to detect. A distracted team is more likely to miss out on an attack using these types of techniques.