Lucy and Ethel: Harbingers of SIEM Fatigue

HR company Kronos and advisory firm Future Workplace surveyed more than 600 HR managers earlier this year and identified the top three reasons for employee burnout. “Unfair compensation” finished first (41% rated it no. 1) with “unreasonable workload” and “too much after-hours work” finishing in a tie for second (32%).

While SIEMs certainly cannot be blamed for unfair compensation, they are a prime offender when it comes to the second-place finishers. The torrent of alerts spewing from SIEMs presents incident response teams with an unmanageable workload that, thanks to the advent of mobile technology, follows team members 24x7. Worse yet, much of this workload is soul-crushing as incident responders chase mountains of fruitless false positives.

Combine this “SIEM fatigue” problem with the oft-cited cybersecurity skills shortage, and you have a toxic brew of too few employees chasing too many security events. SIEM fatigue opens other issues as well – such as highly compensated senior security personnel being forced into entry-level event analysis activities, simply because “somebody has to do it.”

Some of us “of a certain age” remember the classic I Love Lucy episode where Lucy and Ethel get jobs as candy wrappers. The candy conveyor is the perfect metaphor for SIEMs today – as the conveyor speeds up, they can’t keep up with the pace of wrapping and start ignoring pieces of candy, or doing things to hide the fact that they can’t keep up (translation: eat the candy). Alas, this is what happens when one gives humans more work than is humanly possible.

There’s more to the alert overload problem than security vulnerability and skyrocketing operations costs. There’s also employee burnout in a time of an acute skills shortage. The solution to burnout is obvious – give employees the tools to reduce the number of alerts to only those that matter, and their work becomes far more manageable and interesting. Lucy and Ethel may have burned out, but your employees don’t have to!