Are Your Deduplication Capabilities Good Enough?

For security teams, information overload is a real problem: 75% of CISOs reported to Dark Reading that they’re “overwhelmed” by the number of findings they’re receiving, with companies averaging 500+ endpoint security alerts that need investigation per week.

Even worse, not all of those findings are created equal: one report found that between 20% and 40% of all findings are false positives, and according to VikingCloud these false alarms have slowed down threat response at 33% of organizations.

The current situation is so stressful that one report found half of cybersecurity professionals expect to burn themselves out within a year, and 80% expect burnout in three years or less. 

This epidemic is being caused in large part by tool sprawl. As an enterprise's tech stack grows, security teams inevitably have to add more tools to properly scan and test all of the software in use; per IDC, the majority of them use anywhere from 21 to 80 tools.

By nature, some of these tools overlap with each other, surfacing the same findings and contributing to the deluge of information. 

In addition, all security scanners unfortunately produce false positives—things that look like issues or vulnerabilities but are actually harmless. If a false positive is caught, a security team must manually triage it, trading response speed for accuracy. (81% of professionals are slowed down by manual investigations.)

If it is not caught, developers receive final results that include false positives, which slows down their work, requires rescanning or other rework, and ultimately damages the security-development working relationship at a time when agility and collaboration are essential for businesses.

Reducing the number of tools your team uses may seem like an easy solution. In fact, Gartner has found that three-quarters of organizations are working towards vendor consolidation, with efficiency the top reason for doing so. Make no mistake: consolidation can be a useful tool in simplifying your security workflow. However, consolidation for the sake of consolidation, or simply getting rid of tools just to say you’ve gotten rid of them, can leave your tech stack open to exploitation.

Instead, deduplication presents the more feasible answer. It’s a simple enough idea: reduce the total number of alerts or findings a security team has to review by removing duplicate findings. However, manual deduplication is difficult for a number of reasons. 

First, humans are prone to making mistakes or missing something when dealing with repetitive data. Second, manually going through every alert is not an effective use of a security team that is already being stretched to its limits. On top of the high rate of burnout within the industry, the World Economic Forum reports that cybersecurity faces a talent gap of four million individuals.

Consequently, professionals have to do more with less, or push themselves beyond their limits: 98% of security leaders surveyed by BlackFog report working beyond their contracted hours, by an average of nine extra hours per week.

However, technology can help security professionals with duplicate findings rather than becoming yet another tool to integrate into the sprawl. It is also the same kind of technology that bad actors are using to find new vulnerabilities and launch attacks.

Of course, we’re talking about artificial intelligence (AI). AI, specifically machine learning (ML), doesn’t mind dealing with and consolidating repetitive data, and it can evaluate findings far faster than a human can. It can even learn from humans to better classify alerts in the future and escalate real threats, not false positives. With advanced reasoning and logic, ML can also go beyond simple string matching to more effectively weed out duplicates. However, these same strengths also make ML a great tool for malicious purposes, since ML can also scan for vulnerabilities in software and surface them quickly to bad actors for more avenues of attack. 
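As an added example (not code from the article or from DefectDojo), the two-stage matching the paragraphs above describe, run over constructed findings from two hypothetical scanners: an exact key on weakness, normalized path and line catches what plain string matching would, and a fuzzy stage tolerates small line drift only when the titles describe the same issue. The scanner names, CWE numbers, paths and thresholds are all assumptions.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Finding:
    tool: str
    title: str
    cwe: int
    file_path: str
    line: int

SAMPLE_FINDINGS = [  # constructed output from two hypothetical, overlapping scanners
    Finding("scanner-a", "SQL Injection in login handler", 89, "./src/auth/login.py", 42),
    Finding("scanner-b", "SQL injection (CWE-89): login handler", 89, "src/auth/login.py", 44),
    Finding("scanner-b", "SQL injection in password reset", 89, "src/auth/login.py", 45),
    Finding("scanner-a", "Hardcoded credential", 798, "src/config.py", 7),
    Finding("scanner-b", "Hard-coded credentials detected", 798, "src/config.py", 7),
    Finding("scanner-a", "Hardcoded credential", 798, "src/config.py", 58),
]

def normalize_path(path):  # scanners disagree on "./" prefixes, separators and case
    return re.sub(r"^\./", "", path.replace("\\", "/")).lower()

def normalize_title(title):  # strip CWE tags and punctuation; fold "hard-coded" into "hardcoded"
    t = re.sub(r"\(?cwe-\d+\)?", "", title.lower()).replace("-", "")
    return " ".join(re.sub(r"[^a-z0-9 ]", " ", t).split())

def title_similarity(a, b):  # Jaccard overlap of title tokens, tolerant of reordering and extra words
    ta, tb = set(normalize_title(a).split()), set(normalize_title(b).split())
    return len(ta & tb) / len(ta | tb) if ta and tb else 0.0

def is_duplicate(a, b, line_tolerance=5, title_threshold=0.5):
    if (a.cwe, normalize_path(a.file_path)) != (b.cwe, normalize_path(b.file_path)):
        return False  # different weakness or different file: never a duplicate
    if a.line == b.line:  # stage 1: exact key match, even if the wording differs
        return True
    # stage 2: tolerate line drift between tools only when the titles describe the same issue
    return abs(a.line - b.line) <= line_tolerance and title_similarity(a.title, b.title) >= title_threshold

def deduplicate(findings, **kw):
    # Greedy clustering: the first-seen finding represents each cluster, later matches attach to it.
    clusters = []
    for f in findings:
        for rep, dups in clusters:
            if is_duplicate(rep, f, **kw):
                dups.append(f)
                break
        else:
            clusters.append((f, []))
    return clusters
```

On the sample data the six findings collapse to four clusters: the two SQL injection reports at lines 42 and 44 merge, the password-reset finding three lines away does not (its title is too different), and the same credential pattern at line 58 stays separate from the one at line 7.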

This issue is growing quickly, and it is not going away. 74% of surveyed organizations report that they are already feeling the impact of AI-driven cyber attacks, and 89% of the same respondents believe the problem will only continue to grow. Given that cybersecurity professionals are already under strain, decision makers have to prioritize helping their teams combat this tsunami of threats.

Effective mitigation requires efficient evaluation of alerts. To do that, teams need to tackle the twin issues of false positives and duplicate alerts.

Since scaling headcount is difficult thanks to the global talent shortage, that means embracing new solutions that cut through the noise by intelligently automating repetitive, time-consuming work. It means embracing ML – not as a panacea for all security issues, but as a tool to be used to reduce your team’s alert fatigue and help them more effectively respond to higher-level threats and execute strategic initiatives. 

Greg Anderson is CEO and creator at DefectDojo

Image: Ideogram
