Introduction
As security infrastructures continue to proliferate with countless appliances, systems and services (not to mention threats), incident-response teams have become inundated with security alerts, most of which are false positives.
The industry has attempted to address this problem with security-orchestration technology, which automates many of the tasks and processes required to analyze, triage and remediate security events. While these technologies succeed at making incident-response personnel more efficient within their existing processes, they do not address the most important source of risk and waste: massive volumes of false-positive alerts. As a result, these tools simply automate a broken process rather than fixing it.
Fixing A Broken Process
ATA takes a fundamentally different approach to solving alert overload by attacking the false-positive problem directly. By reducing overall alert volume to only those alerts that represent actual threats, the ATA Platform frees incident-response teams to slash time to remediation rather than wasting enormous amounts of time on false-positive wild goose chases. This delivers a number of benefits, including:
- Eliminating the “bad and worse” choice between adding staff to manually investigate every alert and reducing security effectiveness by ignoring alerts or relaxing alarm thresholds to lower alert volume.
- Freeing operations managers to move away from an “Alert Tyranny” operating model and deploy a larger percentage of staff on strategic security issues.
- Improving the return on investment in SIEMs, orchestration systems and other security infrastructure by ending their role as false-positive “noise generators.”