Avoiding 'Alert Fatigue': Former NSA CISO Chris Kubic on Making Alerts Meaningful
The key to reducing "alert fatigue" is to make sure alerts are repeatedly validated before they're distributed, says Chris Kubic, CISO at Fidelis Cybersecurity, who formerly served as CISO at the U.S. National Security Agency.
Alerts, he says, should be "validated across multiple points across your network so that you have higher confidence this is something malicious and not just some anomalous activity." Also, the alerts should be provided with context - supporting information - to help the security operations team, he adds.
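The two practices described above, corroborating an alert across several detection points before escalating it and attaching supporting context for the analyst, can be shown in code. The following is an added example written for this article; it is not code from the interview, from Fidelis, or from any XDR product. It assumes three hypothetical detection sources (endpoint, network and proxy), a constructed asset inventory, and a fixed correlation window, all of which are illustrative choices rather than anything the interview specifies.

```python
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime, timedelta


@dataclass
class Alert:
    source: str          # detection point that fired: "edr", "ndr", "proxy" (hypothetical names)
    host: str
    indicator: str       # short name of the detection
    ts: datetime
    details: dict = field(default_factory=dict)


@dataclass
class Escalation:
    host: str
    confidence: str      # "medium" (2 independent sources) or "high" (3 or more)
    sources: list
    context: list        # supporting information handed to the SOC analyst


# Hypothetical asset inventory used to enrich escalations (constructed for this example).
ASSET_CONTEXT = {
    "ws-042": {"owner": "finance", "criticality": "high"},
    "ws-117": {"owner": "it-lab", "criticality": "low"},
    "ws-200": {"owner": "helpdesk", "criticality": "medium"},
}


def correlate(alerts, window=timedelta(minutes=15), min_sources=2):
    """Group alerts per host, keep the cluster inside `window` that spans the most
    detection points, and escalate only when at least `min_sources` independent
    points agree. Returns (escalations, suppressed_hosts)."""
    by_host = defaultdict(list)
    for a in alerts:
        by_host[a.host].append(a)

    escalations, suppressed = [], []
    for host, items in sorted(by_host.items()):
        items.sort(key=lambda a: a.ts)
        best_cluster = []
        for anchor in items:
            cluster = [x for x in items if anchor.ts <= x.ts <= anchor.ts + window]
            if len({x.source for x in cluster}) > len({x.source for x in best_cluster}):
                best_cluster = cluster
        sources = sorted({x.source for x in best_cluster})
        if len(sources) < min_sources:
            # Seen by only one detection point: treat as an anomaly to review or
            # tune, not something that pages the on-call analyst.
            suppressed.append(host)
            continue
        # Build the context block: what each corroborating sensor saw, plus asset data.
        context = [f"{x.source}: {x.indicator} {x.details}" for x in best_cluster]
        asset = ASSET_CONTEXT.get(host, {"owner": "unknown", "criticality": "unknown"})
        context.append(f"asset: owner={asset['owner']} criticality={asset['criticality']}")
        confidence = "high" if len(sources) >= 3 else "medium"
        escalations.append(Escalation(host, confidence, sources, context))
    return escalations, suppressed


# Constructed sample alerts: one host seen by three sensors, one by a single sensor,
# one by the same sensor twice (repetition from one source is not corroboration).
T0 = datetime(2024, 1, 1, 10, 0)
SAMPLE_ALERTS = [
    Alert("edr", "ws-042", "suspicious_script_host", T0, {"parent": "office-app"}),
    Alert("ndr", "ws-042", "periodic_outbound_beacon", T0 + timedelta(minutes=4), {"dst": "203.0.113.7"}),
    Alert("proxy", "ws-042", "newly_registered_domain", T0 + timedelta(minutes=6), {"fqdn": "example.invalid"}),
    Alert("ndr", "ws-117", "internal_port_sweep", T0, {"ports": 12}),
    Alert("edr", "ws-200", "suspicious_script_host", T0, {}),
    Alert("edr", "ws-200", "suspicious_script_host", T0 + timedelta(minutes=5), {}),
]


def run_sample():
    return correlate(SAMPLE_ALERTS)


if __name__ == "__main__":
    escalations, suppressed = run_sample()
    for e in escalations:
        print(f"ESCALATE {e.host} confidence={e.confidence} sources={e.sources}")
        for line in e.context:
            print("   ", line)
    print("suppressed (single-source):", suppressed)
```

The design choice worth noting is that corroboration counts distinct detection points, not alert volume: a sensor that fires twice on the same host still yields a single-source anomaly and stays out of the analyst queue, while a host flagged by endpoint, network and proxy telemetry within the window is escalated with every sensor's observation and the asset's owner and criticality attached.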
In a video interview with Information Security Media Group, Kubic also discusses:
- How XDR - extended detection and response - needs to be implemented;
- What key factors to look for in an XDR solution;
- How to manage alerts more effectively.
Kubic, CISO at Fidelis Cybersecurity, previously was CISO at the NSA. He has more than 30 years of experience in information assurance and cybersecurity initiatives across the U.S. Department of Defense, Intelligence Community and other federal government sectors.