Risk-Based Alerting Helps SOCs Focus on What Really Matters

Detection tools can overwhelm security operations center (SOC) analysts with alerts, many of them false positives, leading to ticket fatigue and missed attacks. Jesse Trucks, minister of magic at Splunk, says the latest risk-based alerting technology is helping SOCs focus on the threats that really matter.

Most threat detection systems can generate hundreds of alerts per day, but an analyst can review a maximum of about 25 tickets a day, says Trucks. Risk-based alerting lets analysts spend that limited capacity where it has the most impact: instead of raising a ticket per detection, each detection adds risk to the entity it concerns, and a ticket is opened only when the accumulated risk crosses a threshold. "By creating risk rules, you can now expand the number of detections you have to a very large volume but still have only a smaller volume of tickets than you used to have because it groups them together with the intelligence on and under the hood."
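As an added illustration of the grouping described above (example code written for this page, not code from the ebook, from Splunk or from Trucks), the following Python pass implements the basic risk-based alerting pattern: every detection carries a score defined by a risk rule, scores accumulate per risk object (a user or a host) over a look-back window, and a ticket is opened only when the cumulative score or the number of distinct rules crosses a threshold; later detections in the same window are attached to the open ticket rather than paging again. The rule names, scores, thresholds and the detection lines are constructed for this example; Splunk Enterprise Security's own risk framework and risk notables are not reproduced here.

```python
"""Toy risk-based alerting: many low-fidelity detections -> few risk tickets."""
from collections import defaultdict
from datetime import datetime, timedelta

# Risk rules: each detection name maps to a risk score. Names and scores are
# assumed values for this example, not Splunk's rules or defaults.
RISK_RULES = {
    "failed_login_burst": 10,
    "new_admin_tool_on_host": 20,
    "rare_parent_child_process": 30,
    "outbound_to_new_country": 15,
    "scheduled_task_created": 25,
}

WINDOW = timedelta(hours=24)   # look-back over which risk accumulates per entity
SCORE_THRESHOLD = 60           # cumulative score that opens a ticket
DISTINCT_RULE_THRESHOLD = 3    # or this many different rules firing on one entity

# Constructed sample detections, one per line: "<ISO timestamp> <risk object> <rule>".
# Only alice and wks-17 show a chain of different behaviours; the others are
# recurring single-rule noise that a per-detection SOC queue would still ticket.
SAMPLE_DETECTIONS = """\
2024-05-01T08:00:00 wks-17 failed_login_burst
2024-05-01T08:05:00 bob failed_login_burst
2024-05-01T08:10:00 wks-17 outbound_to_new_country
2024-05-01T08:20:00 wks-17 new_admin_tool_on_host
2024-05-01T09:00:00 alice failed_login_burst
2024-05-01T09:30:00 alice new_admin_tool_on_host
2024-05-01T09:45:00 carol failed_login_burst
2024-05-01T10:00:00 alice rare_parent_child_process
2024-05-01T11:00:00 alice outbound_to_new_country
2024-05-01T12:00:00 alice scheduled_task_created
2024-05-01T13:00:00 dave failed_login_burst
2024-05-01T15:00:00 bob failed_login_burst
2024-05-01T18:00:00 dave outbound_to_new_country
2024-05-01T20:00:00 bob failed_login_burst
2024-05-02T07:00:00 carol failed_login_burst
2024-05-03T09:00:00 bob failed_login_burst
2024-05-03T10:00:00 dave failed_login_burst
"""


def parse_detections(text):
    """Parse detection lines into (timestamp, entity, rule) tuples sorted by time."""
    events = []
    for line in text.strip().splitlines():
        ts, entity, rule = line.split()
        if rule not in RISK_RULES:
            raise ValueError(f"no risk rule defined for detection {rule!r}")
        events.append((datetime.fromisoformat(ts), entity, rule))
    return sorted(events)


def risk_alert(events):
    """Accumulate risk per entity and return the tickets that would be opened."""
    recent = defaultdict(list)   # entity -> [(ts, rule)] still inside the window
    open_ticket = {}             # entity -> most recent ticket for that entity
    tickets = []
    for ts, entity, rule in events:
        ticket = open_ticket.get(entity)
        if ticket and ts - ticket["opened_at"] <= WINDOW:
            # Entity already escalated: enrich the open ticket instead of paging again.
            ticket["score"] += RISK_RULES[rule]
            ticket["rules"].add(rule)
            ticket["events"] += 1
            continue
        # Drop detections that have aged out of the look-back window, then add this one.
        window_events = [(t, r) for t, r in recent[entity] if ts - t <= WINDOW]
        window_events.append((ts, rule))
        recent[entity] = window_events
        total = sum(RISK_RULES[r] for _, r in window_events)
        distinct = {r for _, r in window_events}
        if total >= SCORE_THRESHOLD or len(distinct) >= DISTINCT_RULE_THRESHOLD:
            ticket = {
                "entity": entity,
                "opened_at": ts,
                "score": total,
                "rules": distinct,
                "events": len(window_events),
                "reason": "score" if total >= SCORE_THRESHOLD else "distinct_rules",
            }
            tickets.append(ticket)
            open_ticket[entity] = ticket
            recent[entity] = []  # accumulation starts afresh after an escalation
    return tickets


if __name__ == "__main__":
    events = parse_detections(SAMPLE_DETECTIONS)
    tickets = risk_alert(events)
    print(f"{len(events)} detections -> {len(tickets)} tickets")
    for t in tickets:
        print(f"  {t['entity']}: score={t['score']} rules={sorted(t['rules'])} "
              f"events={t['events']} opened={t['reason']}")
```

Run as written, the 17 constructed detections collapse into two tickets: one for wks-17, opened because three different rules fired on it inside the window even though its score stayed below the threshold, and one for alice, opened on cumulative score and then enriched by two later detections instead of generating two more tickets. The single-rule noise on bob, carol and dave never reaches either threshold and ages out of the window, which is the volume an analyst no longer has to triage by hand.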

In this ebook with Information Security Media Group, Trucks discusses:

  • The common challenges with alerts that security operations teams and analysts face;
  • How risk-based alerting works to reduce false positives and create more high-fidelity tickets;
  • Specialized tools, services and training to help organizations quickly implement risk-based alerts and see results.
