Posts in Threat Response
Curing Alert Fatigue Through Suppression and Fidelity

A few of us at my organization were luckily enough to attend DerbyCon last week. This was my first time at the conference and it was amazing. I was able to meet some fellow infosec community members including @HackingDave as well as attend some great talks. One of the talks we attended was by @subtee and @kwm called "Blue Team Keeping Tempo with Offense". This talk really hit home for me. In our organization, our team has both red teamers as well as blue teamers who partner to improve our security posture. This was a fundamental aspect of their talk and something we value as a security threat team.

In order to "keep up with offense", Casey and Keith spoke heavily on where blue teams tend to break down. This captured my ear as a blue teamer trying to gain an advantage. One of their main discussion points was that we as blue teamers tend to end up with too many alerts, too much noise, and too many false positives. It got me thinking about how we have tackled this problem in our organization and I thought it would be useful to share our strategy with others.

Read More