An exploration of enterprise security alert management in Europe

FireEye's latest report suggests that a number of businesses face over 10,000 cybersecurity alerts per month. What is being done to combat potential attacks?
Written by Charlie Osborne, Contributing Writer

New research released by FireEye suggests that IT teams are facing a staggering amount of cybersecurity alerts each and every month.

The report, "The numbers game: An in-depth look at alert management in Europe," explores how a single alert that is missed or slowly responded to can, in today's threat landscape, have dire consequences for the enterprise.

Two separate surveys, one focused on European C-level executives and one on international staff, found that in Europe, there has been a steady increase in alerts over the past two years. However, the number of people tasked with resolving and following up on alerts has stagnated -- or in some cases, decreased.

The research claims that 37 percent of respondents face over 10,000 alerts each month. In total, 40 percent of respondents said each alert is reviewed manually -- but in turn, 73 percent of IT staff in the UK, Germany and France say they are tasked with additional duties, which makes alert reviews even more difficult to keep up with.

With low staff levels and multiple responsibilities, critical alerts are more likely to be missed, placing corporate networks at risk, and this has been shown within the forensics and security firm's data. According to the survey's respondents, at least 11 percent of moderate alerts often go 12 to 24 hours before review, and only 25 percent said that categorizing these alerts in the first place was accurate.

In addition, respondents said alert levels are increasing.


When it comes to IT security spending, 20 percent of respondents from international firms said at least half their budget goes on security management, and a further 40 percent noted that management costs were between 25 and 49 percent of their total spend. However, in the UK, France and Germany, there is a lower rate of investment in security management -- with only 17 percent of UK respondents saying 50 percent or more is spent on management. Instead, more emphasis is placed on alert management and breach mitigation.


FireEye says:

"Already-overtasked C-level executives have a tall order to identify and respond to the real risks in an ocean of data. Too often, companies are simply trying to keep up rather than determining how to improve the process. If resources were reallocated, alert management could become nimble and efficient.

Organizations need to consider alternatives including proactive testing, policy review, and new initiatives to better manage the alert process. Specifically, companies who outsource alert monitoring stand a greatly improved chance of seeing and responding to critical alerts in a timely fashion. In addition, by reducing the responsibility load on their IT staffs, they also better allocate their resources."

In related news, FireEye was awarded accreditation for the UK government's new Cyber Essentials Scheme. The scheme forms the building blocks of a basic security standard the government recommends UK corporations adhere to in order to give all business networks a basic level of security against cyberattacks.
