
Uber drives down alert fatigue with customized data sets

To combat alert fatigue among its security analysts, transportation service Uber applies specially customized data sets to flagged incidents to help distinguish between genuine threats and non-malicious activities, as well as to prioritize the most serious events.

“We've spent a lot of time on our side curating the way that we look at [alert] signals in order to relieve ourselves of that fatigue,” said Luis Guzman, director of security response at Uber, in a Wednesday session at the 2017 RSA Conference in San Francisco. “A large majority of the alerts that we receive – over 95 percent – are immediately enriched with other data to distinguish the difference between an engineer just being a cowboy or an engineer trying to [exfiltrate] data.”

The session, which focused on corporate espionage and how to prevent it, featured a number of unusual anecdotes and case studies, including a recent one from Milan Patel, managing director of cyber investigations and incident response at K2 Intelligence.

According to Patel, just weeks ago, K2 discovered an unknown actor on the dark web selling physical data access to a large bank's facility in a European country. However, when K2 contacted the bank, its management didn't even realize it had assets based in this country.

“Sure enough, they did some investigations and found out there was an intern program in this country, and there was a facility that was owned by the bank and this person was selling…access off-hours into that facility, where presumably there are corporate laptops and computers connected to the global network,” said Patel. Investigators were then able to narrow down the intern responsible.

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts and video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.
