Security Analysts and information overload

In the hyperconnected information society, everybody is busy, everybody is linked in, and everybody is overloaded with information of every type imaginable. This effect is stronger for those working directly with data in a data-driven economy, and when that data concerns the actions and interactions of computing systems and networks, it is more pronounced still. Consequently, it is no surprise that information overload and fatigue are among the top discussion topics on forums and blogs about security analysis.

Terms such as “alert fatigue”, “burnout”, and “threat overload” are the labels often attached to these issues, but on closer inspection they are all manifestations of the inevitable exponential increase in the data analysts are expected to attend to. The all too predictable outcomes of this situation include low morale and high staff turnover. On this count, a study from 2019 found that SOC personnel turnover ranged from 10% to as high as 50%. Clearly, such a situation is not only untenable but will inevitably have a negative impact on the skills retained within the company. This study also found that not only is the number of daily alerts increasing at an exponential rate, but false positives remain a persistent problem. At the same time, on-the-job training remained low, with about half of respondents reporting 20 or fewer hours of training per year.

CyberHelper can help in addressing the root cause of these issues, namely the need to correctly identify known patterns in an ever-increasing pool of data. In other words, CyberHelper can directly aid in reducing analyst workload by streamlining the process of threat identification and focusing analyst attention where it is needed, while arming analysts with additional knowledge of how such an attack might progress. A further advantage is the opportunity to use CyberHelper in on-the-job training using real-world test cases, even ones directly captured by the company itself.