When is an alert not an alert?

By Elliot Anderson  |  October 4, 2023

The Riddler is one of Batman’s enduring enemies who takes delight in incorporating riddles and puzzles into his criminal plots—often leaving them as clues for the authorities and Batman to solve.

Question: When is a door not a door?
Answer: When it’s ajar.

So riddle me this, Batman: When is an alert not an alert?

Users of the EventTracker platform know that one of its primary functions is to apply built-in knowledge to reduce the flood of all security/log data to a much smaller stream of prioritized alerts. However, in most cases, without applying local context, this is still too noisy. Netsurion provides a risk score that is computed based on the asset value and the Common Vulnerability Scoring System rank of the source.

This allows us to separate “alerts” into different priority levels. The broad categories are:

  • Actionable: these require your immediate attention because they are likely to affect the network or critical data. An analogy is that you have had a successful break-in and the intruder is inside the premises.
  • Awareness: there may not be anything to do, but administrators should become aware and perhaps plan to shore up defenses. The analogy is that criminals have been lurking on your street and making observations about when you enter/exit the premises and when it’s unoccupied.
  • Compliance: these may affect your compliance posture and so necessitate either awareness or action on your part.

And so, there are alerts and then there are actionable and prioritized alerts. Over-reacting to awareness or compliance alerts will drain your energy and eventually sap your enthusiasm, not to mention cost you in real terms. Under-reacting to actionable alerts will also hurt you, because you forgo action that could reduce attacker dwell time and minimize the damage of ransomware or a data breach.
