Tuesday, November 18, 2014

How Do I Raise The Signal-to-Noise Ratio?

After yesterday's piece in SecurityWeek, I received some great feedback.  The feedback I received reaffirms my belief that security professionals know the pain of alert fatigue and the deluge of false positives all too well.  Not surprisingly, many people also asked me how they can go about raising their signal-to-noise ratio.  That is an excellent question for which I am happy to offer some advice.

I have found it most effective to first enumerate security risks, goals, and priorities as discussed in one of my previous SecurityWeek pieces: http://www.securityweek.com/security-unsolvable-problem, and to then throw out the default rule set as discussed in another one of my previous SecurityWeek pieces: http://www.securityweek.com/throw-out-default-rule-set.

This approach is a bit different than the traditional approach taken by many security organizations.  But we already know that the traditional approach drowns us is noise and obscures our signal.  In my experience, I have found this approach a far better way to get to 100 a day: http://ananalyticalapproach.blogspot.com/2014/03/100-day.html.  This in turn allows organizations to operate far more efficiently, improve their signal-to-noise ratio, and reduce alert fatigue.

No comments:

Post a Comment