Alert fatigue is a phenomenon in which individuals receive an overwhelming number of alerts and become desensitized to them.
If a security team sees hundreds of alerts every day that carry no actionable information, they start paying less attention to all of them. When a real security event then occurs, the alert that signals it is treated like the rest of the noise and may not be caught in time.
To avoid alert fatigue, the alerting pipeline needs as little noise as possible: knowing how to group alerts, how to suppress the ones that do not matter, and how to track the ones that do is essential.
Cyscale is a CSPM that provides solutions for alert fatigue and helps users understand their alerts. In this article, we will explain how.
The first step to managing alerts efficiently is understanding them. The following four sections of the dashboard show at a glance how your company is handling its alerts.
The Insights card gives you context on how many alerts your assets have generated, as well as the average time to resolve them. This valuable information shows how efficiently the security team is working through findings.
The next section, Summary, shows how many alerts have a High severity and how many have a Medium severity, as well as other information about your environment.
The third card, Trend, illustrates the evolution of alerts over time. The time component, which is present in the first section as well, is key to fully understanding how well your company is progressing towards securing the cloud infrastructure over time.
Finally, the fourth section, Open Alerts by Asset Category, shows the distribution of alerts over the types of assets in the cloud. For example, knowing that your IAM or your storage assets generate the most alerts can help you focus your attention on those areas of your cloud security posture.
There are two views for alerts:
- Grouped by control, and
- An ungrouped list of all alerts.
The first view makes the alert list more manageable by collapsing all alerts triggered by the same control into one row.
This reduces alert fatigue because hundreds of individual findings become a short list of controls. Each row represents one control, and the fourth column shows the total number of alerts it has triggered, with a quick link to the affected assets.
Moreover, this feature allows users to perform actions on multiple alerts through one click: for example, you can dismiss or acknowledge all alerts triggered by a control using this panel.
The second view is the plain, ungrouped list of alerts. This is the previous version of our Alerts dashboard, where you can search for an individual alert and directly see details such as its severity, its status, or the affected asset.
Using alert exemptions, users can reduce the number of alerts and eliminate known false positives. Creating an exemption is straightforward and can be done straight from the alerts list. Exemptions are highlighted in the compliance reports rather than silently dropped, so that anyone reading the report can see:
- why they were created,
- who created them,
- when they were created.
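The grouped view, the one-click bulk actions and the audited exemptions described above are simple to reason about as operations over a list of alerts. The following Python block is an added illustration of that logic and is not Cyscale code; the alert fields, the status values, the sample findings and the exemption record layout are all assumptions constructed for the example. It also computes the Insights, Summary and Open Alerts by Asset Category figures from the same data.

```python
"""Grouping CSPM alerts by control, bulk actions and audited exemptions.

Added illustration, not Cyscale code. Field names, status values and the
exemption record layout are assumptions chosen for this example.
"""
from __future__ import annotations

import json
from collections import Counter, defaultdict
from dataclasses import dataclass
from datetime import datetime, timezone


@dataclass
class Alert:
    id: str
    control: str           # the control (rule) that raised the alert
    asset: str             # affected cloud asset
    category: str          # asset category, e.g. IAM or Storage
    severity: str          # High | Medium | Low
    opened_at: datetime
    status: str = "open"   # open | acknowledged | dismissed | resolved
    resolved_at: datetime | None = None


@dataclass(frozen=True)
class Exemption:
    """A suppressed finding; keeps why, who and when so it stays visible in reports."""
    control: str
    asset: str
    reason: str
    created_by: str
    created_at: datetime


def _ts(s: str) -> datetime:
    return datetime.fromisoformat(s).replace(tzinfo=timezone.utc)


S3_PUBLIC = "S3-001 Bucket publicly readable"
IAM_ROOT_MFA = "IAM-007 Root account without MFA"
IAM_OLD_KEY = "IAM-012 Access key older than 90 days"


def sample_alerts() -> list[Alert]:
    """Constructed sample findings (not real data); a fresh list on every call."""
    return [
        Alert("a1", S3_PUBLIC, "bucket/logs", "Storage", "High", _ts("2024-03-01T09:00"),
              "resolved", _ts("2024-03-01T13:00")),
        Alert("a2", S3_PUBLIC, "bucket/backups", "Storage", "High", _ts("2024-03-02T09:00")),
        Alert("a3", S3_PUBLIC, "bucket/public-site", "Storage", "High", _ts("2024-03-02T10:00")),
        Alert("a4", IAM_ROOT_MFA, "account/123", "IAM", "High", _ts("2024-03-01T08:00"),
              "resolved", _ts("2024-03-01T10:00")),
        Alert("a5", IAM_OLD_KEY, "user/ci-bot", "IAM", "Medium", _ts("2024-03-03T08:00")),
        Alert("a6", IAM_OLD_KEY, "user/deploy", "IAM", "Medium", _ts("2024-03-03T08:00")),
    ]


def open_alerts(alerts: list[Alert], exemptions: list[Exemption] = ()) -> list[Alert]:
    """The ungrouped list view: open alerts not covered by an exemption."""
    exempt = {(e.control, e.asset) for e in exemptions}
    return [a for a in alerts if a.status == "open" and (a.control, a.asset) not in exempt]


def group_by_control(alerts: list[Alert], exemptions: list[Exemption] = ()) -> dict:
    """The grouped view: one row per control with its open-alert count and affected assets."""
    rows = defaultdict(list)
    for a in open_alerts(alerts, exemptions):
        rows[a.control].append(a.asset)
    return {c: {"count": len(assets), "assets": sorted(assets)} for c, assets in rows.items()}


def summary_by_severity(alerts, exemptions=()) -> Counter:
    return Counter(a.severity for a in open_alerts(alerts, exemptions))


def open_by_category(alerts, exemptions=()) -> Counter:
    return Counter(a.category for a in open_alerts(alerts, exemptions))


def mean_hours_to_resolve(alerts: list[Alert]) -> float:
    """Insights figure: average hours from opening to resolution, resolved alerts only."""
    hours = [(a.resolved_at - a.opened_at).total_seconds() / 3600
             for a in alerts if a.status == "resolved" and a.resolved_at]
    return sum(hours) / len(hours) if hours else 0.0


def bulk_update(alerts: list[Alert], control: str, new_status: str) -> int:
    """One-click action on a grouped row: acknowledge or dismiss every open alert of a control."""
    if new_status not in ("acknowledged", "dismissed"):
        raise ValueError(f"unsupported bulk status: {new_status}")
    changed = 0
    for a in alerts:
        if a.control == control and a.status == "open":
            a.status = new_status
            changed += 1
    return changed


def compliance_report(alerts, exemptions) -> dict:
    """Per-control counts plus the exemptions themselves, highlighted rather than hidden."""
    return {
        "controls": group_by_control(alerts, exemptions),
        "exemptions": [{"control": e.control, "asset": e.asset, "why": e.reason,
                        "who": e.created_by, "when": e.created_at.isoformat()}
                       for e in exemptions],
    }


if __name__ == "__main__":
    alerts = sample_alerts()
    exemptions = [Exemption(S3_PUBLIC, "bucket/public-site", "static website, intentionally public",
                            "alice", _ts("2024-03-02T11:00"))]
    bulk_update(alerts, IAM_OLD_KEY, "acknowledged")
    print(json.dumps(compliance_report(alerts, exemptions), indent=2))
```

Two design choices mirror the point the page makes: an exemption is keyed on control plus asset, so it silences one known-good finding without hiding the same control firing on a different asset, and the report carries the exemption's reason, author and timestamp alongside the counts instead of deleting the finding, so a reviewer can question it later.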
Resolving an alert is just as direct on the Cyscale platform.
Clicking on the control that generated the alerts opens a drawer with remediation steps. Instead of digging through provider documentation and hours of trial and error, you get the concrete measures needed to fix the affected configuration.
We hope you will enjoy the new features. Stay tuned for another set of improvements that bring more context to alerts!
Cloud Security Analyst at Cyscale
Sabrina Lupsan merges her academic knowledge in Information Security with practical research to analyze and strengthen cloud security. At Cyscale, she leverages her Azure Security Engineer certification and her Master's in Information Security to keep the company's services at the leading edge of cybersecurity developments.