With organically grown security infrastructure, most enterprises have ended up managing numerous security tools with overlapping functionality and multiple sources of the same data. Some of the key challenges associated with managing an assortment of security tools and technologies from different vendors include:
- Too many security alerts. Multiple threat detection tools generate independent security alerts that must be investigated, prioritized, and remediated. When there are too many alerts, security analysts are forced to assess them quickly, prioritize a handful, and ignore the rest. This leads to both false positives and false negatives: analysts waste time chasing dead ends, or disregard serious events. This is exactly what happened at Target, where overwhelmed SOC personnel ignored alerts that eventually led to a data breach and over $160 million in unexpected costs.