Avoid Alert Overload - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

02:30 PM

Avoid Alert Overload

When does too much information become an impediment to decision making? That's the dilemma facing security pros as they wade through E-mail security alerts sent to them by vendors and independent researchers. The key to knowing which security alerts to pay attention to is knowing your IT environment.

Connie Sadler, Brown University's director of IT security, filters information based on what her environment's biggest point of risk is. "I'm most concerned with network access control and network registration because we have so many people visiting the campus," she says. "It depends on the type of incident and who we perceive might have information on it." Sadler isn't convinced there's one information source that IT pros can rely on. "You can't look to one place to get what you need," she says. "It can be very frustrating and draining at times."

Health care companies have the added pressure of adhering to government regulations protecting patient data. "I have eight people on my staff, and we all subscribe to our own mailing lists," says John Delano, information security officer at Integris Health. He relies on information from vendors including Cybertrust, McAfee, and Microsoft, and he wants to create a general mailbox where he and his staff can share information.

The amount of security research being done will grow as companies identify it as a competitive differentiator and independent researchers respond to cash bounties for finding the next big vulnerability. Symantec reported 3,800 vulnerabilities in commercial software last year, using a staff of about 300 people, including freelance researchers.

Much of the research has focused on the largest software providers, so there's a lotleft to be done. "We're going to see a rise in the amount of research," says Neel Mehta, team lead for Internet Security Systems' X-force research arm, which has 10 full-time security researchers. "A lot of emerging technologies have to be examined for security risks."

Dennis Brixius, chief security officer at publisher McGraw-Hill, wants any information he can get because threat assessments must be made based on a company's IT environment. "What are your key applications? What are they running? What's happening on those machines?" he says. "Knowing your inside environment is the best way to filter this information."

Continue to the sidebar:
10 Infamous Moments In Security Research

Return to the story:
The Fear Industry

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
2021 State of ITOps and SecOps Report
2021 State of ITOps and SecOps Report
This new report from InformationWeek explores what we've learned over the past year, critical trends around ITOps and SecOps, and where leaders are focusing their time and efforts to support a growing digital economy. Download it today!
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

IT Leadership: 10 Ways to Unleash Enterprise Innovation
Lisa Morgan, Freelance Writer,  6/8/2021
Preparing for the Upcoming Quantum Computing Revolution
John Edwards, Technology Journalist & Author,  6/3/2021
How SolarWinds Changed Cybersecurity Leadership's Priorities
Jessica Davis, Senior Editor, Enterprise Apps,  5/26/2021
Register for InformationWeek Newsletters
Current Issue
Planning Your Digital Transformation Roadmap
Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll