Can Advanced Threat Analytics (ATA) Reduce False Security Alerts?
Advanced Threat Analytics (ATA), a Texas company that specializes in security orchestration technology, has introduced a cloud- and subscription-based alert classification platform to help MSSPs reduce the risk of alert overload.
The new ATA Alert Classification Platform leverages network data, customer-specific patterns, white-list data and crowdsourced event-reduction playbooks to help MSSPs analyze network traffic and behavior, according to a prepared statement. It then uses this information to remove “normal” events, ATA said, to ensure that MSSPs can identify cyber threats faster than ever before.
In addition, the Alert Classification Platform can be integrated with security information and event management (SIEM) tools to help MSSPs further reduce alert volume, ATA stated. It has already been deployed by 20 MSSPs, ATA noted, and provided an average alert volume reduction of 99.9 percent, the company claims.
What Is Alert Overload?
Alert overload occurs when the volume of security alerts overwhelms staff, ATA indicated. If this happens, security threats may go unnoticed, increasing the risk of cyberattacks and data breaches.
In many instances, MSSPs will deploy SIEM or other IT security tools that generate alerts any time “something out of the ordinary” occurs, according to ATA. This creates false-positive alerts that do not represent real threats.
Ultimately, alert overload — including false alerts — increase an MSSP’s operating costs and reduces its security effectiveness, ATA noted. It may lead security operations center (SOC) teams to turn off security features or ignore alerts, ATA indicated, and increases the risk that legitimate security events will go undetected.
With the Alert Classification Platform, MSSPs can focus all of their time on potential legitimate threats, ATA President Alin Srivastava said in a prepared statement.
The Alert Classification Platform enables MSSPs to automate the investigation and removal of false-positive alerts, Srivastava stated. It also features an event-orchestration capability that allows SOC teams to optimize the deployment of their security resources.
ATA: Here’s What You Need to Know
ATA was founded in 2015 by a team of security and SOC experts from Critical Start, a Texas-based MSSP. The company provides a platform that leverages an “opt-out” model for threat detection.
Many threat detection platforms leverage an “opt-in” model where an incident that conforms to a known set of parameters for abnormal behavior is deemed a potential threat, according to ATA.
Comparatively, the ATA Platform follows an opt-out model that “discards any alerts that fall within the parameters of normalcy … [to leave] only the threats behind,” the company stated.
MSSPs can deploy the ATA Platform in a multi-tenant environment and manage it via a console and mobile app, ATA noted. Also, the ATA Platform is designed for use with various SIEM tools and security and network components, ATA said, and can improve the return on investment (ROI) of every element of a security infrastructure.