Dive Brief:
- Global organizations are using too many security monitoring tools at the same time, leaving security teams vulnerable to alert fatigue and the increased risk of missing a legitimate cyberattack, according to research from Trend Micro International.
- Organizations are employing 29 different security monitoring tools on average, with large organizations — those with more than 10,000 employees — using an average of 46 different tools, according to the report. The study is based on a survey of 2,303 IT security decision makers located across 21 countries.
- About 51% of those surveyed said they have stopped using some of the tools because of a lack of integration or skilled professionals, and difficulty understanding how to operationalize the tools, among other reasons.
Dive Insight:
The fallout from what Trend Micro calls "cybersecurity tool sprawl" is that different tools may report the same incident in different ways, leaving the security operations team unsure which tool to believe.
"This typically happens [when], say an endpoint might report an outbound connection as warning [of] destination isn't fully known, but a network sensor may report the same event as critical due to a number of reasons such as protocol abnormality, malformed packets, etc.," according to Bharat Mistry, technical director, UK at Trend Micro. "From an [operations] point of view, which alert do you believe and do you wind up spending time and energy on something that could have been a false positive?"
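One defensive way to take the guesswork out of this disagreement is to correlate alerts from different tools that describe the same host-to-destination activity into a single incident that carries the highest severity and every tool's reasoning. The following is an added example, not code from Trend Micro or the article; the tool names, host names, destination addresses and five-minute window are constructed assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Ordering used to pick the strongest verdict when tools disagree (assumed scale)
SEVERITY_RANK = {"info": 0, "warning": 1, "high": 2, "critical": 3}

@dataclass
class Alert:
    source: str        # tool that raised it, e.g. "endpoint" or "network"
    host: str          # internal host the activity was observed on
    dest: str          # remote destination (constructed documentation address)
    seen_at: datetime
    severity: str
    reason: str

@dataclass
class Incident:
    host: str
    dest: str
    first_seen: datetime
    severity: str
    sources: set = field(default_factory=set)
    reasons: list = field(default_factory=list)

def correlate(alerts, window=timedelta(minutes=5)):
    """Merge alerts about the same host->destination pair seen within `window`
    into one incident; keep the highest severity and record each tool's reason."""
    incidents = []
    for a in sorted(alerts, key=lambda x: x.seen_at):
        match = next((i for i in incidents
                      if i.host == a.host and i.dest == a.dest
                      and a.seen_at - i.first_seen <= window), None)
        if match is None:
            match = Incident(a.host, a.dest, a.seen_at, a.severity)
            incidents.append(match)
        if SEVERITY_RANK[a.severity] > SEVERITY_RANK[match.severity]:
            match.severity = a.severity
        match.sources.add(a.source)
        match.reasons.append(f"{a.source}: {a.severity} - {a.reason}")
    return incidents

# Constructed sample reproducing the endpoint/network disagreement described above
T0 = datetime(2021, 1, 1, 12, 0, 0)
SAMPLE_ALERTS = [
    Alert("endpoint", "ws-042", "203.0.113.7", T0, "warning", "destination not fully known"),
    Alert("network", "ws-042", "203.0.113.7", T0 + timedelta(seconds=40), "critical",
          "protocol abnormality, malformed packets"),
    Alert("endpoint", "ws-017", "198.51.100.9", T0 + timedelta(minutes=30), "warning",
          "destination not fully known"),
]

if __name__ == "__main__":
    for inc in correlate(SAMPLE_ALERTS):
        print(inc.host, "->", inc.dest, inc.severity, sorted(inc.sources), inc.reasons)
```

The analyst then sees one critical incident for ws-042 with both tools' evidence attached, rather than two alerts that contradict each other.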
The risk of false positives is a serious one, according to Mistry. Independent research has shown security teams can take up to 190 days to detect a breach and another 60 days to contain a breach, Mistry said.
The report advances previous research on the impact of alert fatigue. Previous data from IDC and FireEye showed that one-third of analysts ignored security alerts.
Another growing concern is that sophisticated threat actors are turning everyday IT tools into weapons against corporate environments, making such attacks harder to detect. A distracted team is more likely to miss an attack that uses these techniques.