The Vendor's Role in Combating Alert Fatigue

COMMENTARY

For most of my cybersecurity career, I worked on the vendor side, in presales capacity, helping businesses identify and address security pain points. Now, as an information security engineer, I am on the other side, engaging with security vendors. A typical sales engagement includes pre-sales, proof of concept (PoC), onboarding, and support. While PoCs are useful, the real complexity of a product is understood only when the customer is fully onboarding. 

Although customers are responsible for accurate implementation of systems, vendors must realize they play a key role in guiding them through settings to ensure optimal performance and reduced alert fatigue. 

Achieving 100% efficiency will always be an ongoing challenge, but alert fatigue remains a significant issue. Modern security systems involve multiple components, each generating alerts that require teams to collaborate. And as alerts pile up, the complexity can overwhelm security professionals, allowing real threats to be missed. This is where vendors must step up. 

The Reality of Alert Fatigue

Alert fatigue is not new, but the problem becomes bigger as organizations adopt more complex security solutions. These tools detect every potential anomaly, generating a flood of alerts, many of which are low-priority or false positives, obscuring critical signals. 

When faced with hundreds of alerts daily, analysts can become numb, ignoring or delaying important alerts, which leads to security breaches. Vendors currently address only part of the challenge by delivering systems that detect every possible attack are only doing half their job. However, these products alone fall short in helping companies effectively manage the alert flood, often times requiring a managed security service provider (MSSP) to bridge the gap. But they must do a better job helping companies manage the resulting flood of information. 

Why Vendors Must Take Ownership

It may be tempting for vendors to shift alert management to customers, but vendors create the underlying logic that generates these alerts, and therefore, they must ensure their tools enable users to respond effectively rather than overwhelming them. 

Here's how vendors need to take lead: 

The Cost of Ignoring Alert Fatigue

If vendors fail to address alert fatigue, security teams may miss critical threats, leading to breaches. Overwhelmed staff may burn out, increasing turnover. For vendors, poor alert management can erode customer trust, leading to dissatisfaction and potential churn. 

Needed: A Partnership for Success

Alert fatigue is a shared problem, but vendors play the key role in solving it. By offering smarter, more responsive systems, ongoing optimization, and automation with context, vendors help customers focus on what matters the most. 

This isn't just about efficiency — it's about creating a partnership between vendors and customers. Together, they must be able to cut through the noise and be able to provide clarity in the fight against modern cyber threats. Vendors must ensure their solutions don't just alert but empower users to make the best decisions. 

Don't miss the upcoming free Dark Reading Virtual Event, "Know Your Enemy: Understanding Cybercriminals and Nation-State Threat Actors," Nov. 14 at 11 a.m. ET. Don't miss sessions on understanding MITRE ATT&CK, using proactive security as a weapon, and a masterclass in incident response; and a host of top speakers like Larry Larsen from the Navy Credit Federal Union, former Kaspersky Lab analyst Costin Raiu, Ben Read of Mandiant Intelligence, Rob Lee from SANS, and Elvia Finalle from Omdia. Register now!