Light Dark
March 17, 2016 By Douglas Bonderud 2 min read

It’s impossible for information security professionals to manually detect all attempted attacks or address every new software vulnerability. As a result, companies have become increasingly dependent on security alerts and notifications to prioritize tasks and improve incident response (IR).

According to SecurityWeek, however, there’s a new problem: The sheer number of IT activities on corporate networks — and, in turn, the number of security alerts — has shifted from a steady flow to an onrushing avalanche. How do companies get out from under the weight of all these warnings?

Necessary Ignorance?

As reported by SecurityWeek, a Phantom/ESG study uncovered a number of worrisome statistics. First up? Over two-thirds of IT and security professionals said it has become increasingly difficult to handle IR in the past two years. Commonly cited problems include more overall IT activity, the use of additional technologies, more security alerts and, not surprisingly, difficultly knowing which alerts should take top priority.

More worrisome? That 74 percent of large enterprises regularly ignore some security alerts because there simply isn’t enough time or manpower to tackle every problem. Instead, companies operate on a triage system where only the most dangerous threats receive a quick response; others are put on the back burner.

It gets worse: Just over 30 percent of respondents said they ignore half of all security alerts. While 80 percent of C-suite executives have plans to pump up IR spending over the next few years, more of the same won’t solve the problem.

Defeating the Incident Response Deficit

So how do companies improve incident response when the number of new alerts and technologies show no signs of slowing? Network World noted that for many firms, part of the bottleneck comes from manual processes — for example, filling out paperwork, tracking down a particular employee or using multiple security management tools to achieve a single goal. In fact, 93 percent of organizations believe their IR efforts could be improved if the need for manual processes was reduced.

TechTarget, meanwhile, noted that slow IR creates a time deficit for security teams. According to recent Verizon research, in 60 percent of reported attacks, it took only a few minutes for cybercriminals to compromise networks, but defenders were unable to detect these breaches in the same time frame.

The result? There’s now a shift in the IR industry away from cumbersome manual processes to a combination of IT automation and orchestration. Ideally, this yields two big benefits: speedier response and better starting points. If low-level security alerts come in, for example, automated systems should be able to take appropriate action and then notify IT that the issue occurred and has been addressed, saving time and giving companies a way to reduce their time deficit.

In addition, the use of automation tools to collect and analyze high-priority attack data should give IT teams a solid, data-driven foundation they can use to build an actionable solution and then respond in force.

An avalanche of security alerts is driving down efficiency. Automation and orchestration, however, may relieve enough of the pressure to get security pros back on track.

 |  | 
Douglas Bonderud
Freelance Writer

More from

March 4, 2025

FYSA — VMware Critical Vulnerabilities Patched

< 1 min read - SummaryBroadcom has released a security bulletin, VMSA-2025-0004, addressing and remediating three vulnerabilities that, if exploited, could lead to system compromise. Products affected include vCenter Server, vRealize Operations Manager, and vCloud Director.Threat TopographyThreat Type: Critical VulnerabilitiesIndustry: VirtualizationGeolocation: GlobalOverviewX-Force Incident Command is monitoring activity surrounding Broadcom’s Security Bulletin (VMSA-2025-0004) for three potentially critical vulnerabilities in VMware products. These vulnerabilities, identified as CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226, have reportedly been exploited in attacks. X-Force has not been able to validate those claims. The vulnerabilities…

February 21, 2025

SoaPy: Stealthy enumeration of Active Directory environments through ADWS

10 min read - Introduction Over time, both targeted and large-scale enumeration of Active Directory (AD) environments have become increasingly detected due to modern defensive solutions. During our internship at X-Force Red this past summer, we noticed FalconForce’s SOAPHound was becoming popular for enumerating Active Directory environments. This tool brought a new perspective to Active Directory enumeration by performing collection via Active Directory Web Services (ADWS) instead of directly through Lightweight Directory Access Protocol (LDAP) as other AD enumeration tools had in the past.…

February 14, 2025

Smoltalk: RCE in open source agents

26 min read - Big shoutout to Hugging Face and the smolagents team for their cooperation and quick turnaround for a fix! Introduction Recently, I have been working on a side project to automate some pentest reconnaissance with AI agents. Just after I started this project, Hugging Face announced the release of smolagents, a lightweight framework for building AI agents that implements the methodology described in the ReAct paper, emphasizing reasoning through iterative decision-making. Interestingly, smolagents enables agents to reason and act by generating…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2025 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature