The cybersecurity industry has always loved alerts. At least it used to. Granted, an alert often means that something is wrong. But, in many ways, an alert has often been seen as an accomplishment in itself — after all, an alert means suspicious activity did not pass undetected.
Things have changed a lot in the last five years. Security orchestration, automation and response (SOAR) tools are mainstream, and large enterprises seek contextual intelligence and triaging tools to help them prioritize alerts. This evolution was bound to happen. With so much noise to sift through, it quickly became impossible to identify which alerts were worthy of attention and which could be safely disregarded as false alarms. The resulting alert fatigue led to a shift in thinking away from volume-based alerting and toward more effective remediation. Simply put, in today’s threat environment, alerts aren’t enough. Users don’t just need to know that something worrisome is happening — they need real, actionable advice on how to address it.