
Defining Noise: Alerts, Silos, and Runaway Tech

The most dangerous forms of noise you're not thinking about

Earlier this year ExtraHop [announced our new slogan](https://www.forbes.com/sites/extrahop/2019/01/14/rise-above-the-noise-in-enterprise-security/#5b12b66b7bd7), a phrase equal parts mission statement and challenge to the industry, one that's overwhelmed by hype (AI, anyone?) and complexity:

Rise Above the Noise.

We believe the entire tech industry—not just security, not just IT operations, but everyone—faces the same fundamental problem of noise, a problem that only gets worse the longer it goes unaddressed by your teams, tools, and processes. Part of the issue is an assumption that noise means alerts, and yes, the alert cannon plays a significant role in causing confusion and chaos, but that's only one piece on the chessboard.

If our industry is going to rise above the noise, we need to start by expanding our definition of just what it is we're fighting.

Noise is confusion and chaos. Noise is distraction. Noise is what keeps you from being able to do your job effectively and efficiently. It gets in the way of protecting and accelerating your business. When we asked our enterprise customers and partners, "What's your noise?" three answers quickly became clear.

1: Alerts

We don't need to spend much time on this one, do we? You know it. We know it. Whether alerts are filling up inboxes or flashing in your monitoring tools, the rising complexity of IT infrastructures means (a) more opportunities for attackers to slip through our defenses, and (b) more chances for performance errors to affect end users.

ML to the rescue, right? Yes, ML can reduce the alert noise, but the data and techniques matter. Today's enterprises have become so complex, dynamic, and distributed that ML must be performed on far more than a fraction of the data to avoid a garbage-in, garbage-out situation. Furthermore, a full spectrum of detectors must be deployed to deal with the complexity of the environment and the sophistication of attackers.

Why is it noise?

You can't focus on the threats or issues that actually pose a danger to your business when you're drowning in disorganized, unprioritized alerts.

2: Organizational Silos

As the tech industry continues to innovate and companies expand—both literally through acquisition or opening new branch offices, and in terms of infrastructure through cloud adoption—the problem of silos becomes increasingly serious (and expensive).

From a security perspective, your attack surface is growing at an exponential rate but you've only got visibility into the applications and systems you own or can instrument—and even that amount of insight is dependent on whether or not other teams in your organization provide the data they own without delay.

From an IT operations standpoint, the environment is growing and users are experiencing your business from a number of intersecting vectors, yet a problem with a revenue-generating application might be completely invisible to an application team who's only looking at that application's code instead of the entire delivery chain.

Why is it noise?

When information is siloed between different teams who lack a frictionless process of sharing knowledge, it takes significantly longer—and costs more in coordination—to detect and resolve problems. Silos also cause unnecessary stress, hassle, and negativity that damage working relationships and encourage burnout in an industry that already boasts a high turnover rate.

3: Runaway Technology

The other side of organizational expansion is, of course, the tech itself—and the tools required to keep all that infrastructure running smoothly. When your enterprise spreads from a central data center to a series of cloud instances and beyond, the monitoring tools that were once sufficient become stretched to the breaking point.

When it comes to network traffic analysis on the security side, or network performance monitoring and diagnostics (NPMD) for IT operations, you might need to invest in a Frankensteinian monster of appliances to analyze traffic at throughput levels that were unheard of ten years ago but are now table stakes for modern business.

Despite the price tag and complexity you still won't have full visibility into cloud packets, which means that when the shared responsibility model of the public cloud results in all hell breaking loose because your cloud assets have been compromised and your provider isn't going to pick up the blame, your security team won't be able to tell executives with confidence that they can stop it from happening again.

Why is it noise?

Think of how difficult it is to come in as a Tier 1 security analyst and understand the full picture of your attack surface from the inside out. Think of how much time in your troubleshooting process comes from swiveling between screens or arguing with vendors about where the source of a problem really lies. That anxiety, that wasted time? That's noise.

So there you have it: the three sources of noise we think are most critical for the industry to understand, and the ones it must urgently find a way to rise above.

The first step is acknowledgement. Next up? Investing the time and energy to think about how you can address these forms of noise in your day-to-day work, with your team, and for your business as a whole.
