If your organization has a small social and digital footprint, it is possible to review a few open source intelligence (OSINT) threat alerts per day that are discovered on social media, the dark web, and other digital channels. However, what happens when the scale moves to hundreds or thousands of posts? Most digital teams, security teams, and risk professionals working on keeping the brand and the organization protected are inundated with alerts – resulting in “alert fatigue”. The problem is so significant that research shows that 40% of security alerts are simply ignored.
Many alerting systems lack the actionable intelligence needed to investigate an alert, and their alerts can generate a significant number of false positives. With the enormous volume of events generated by social media and other digital channels, it's important that a digital risk protection solution not add to this noise.
We’re announcing the release of a new feature in DigitalStakeout Scout to combat this serious industry problem. We understand that new tools like DigitalStakeout Scout can add more risk management complexity. This is why we are making sure Scout has the features to implement and utilize a DRP solution correctly.
DigitalStakeout Scout already enables very narrow monitor creation so teams can first focus on what matters most and then expand coverage. This new workflow/alerting feature enables teams to prioritize not only the severity of the triggered policy but also the notification window of the alert.
As you edit a workflow rule, you will see a Yes/No option for the field Notify. This will enable you to get a notice of a triggered policy without any other notices. In the rule caption above, the rule would notify you once per hour. In addition, the rule would send you a combined result of records triggering the alert. This is where you can reduce noise.
You can set the Notify window from 1 hour through 1 week while appending a tag and the policy GUID for future review and analysis.
This moves alerts that would otherwise fire on every match into windows of time that fit your workload. For example, if you had only 30 minutes a week to review newly created social media accounts and domains associated with your brand, you would set the notify window to 1 week. When you have time to log in to Scout, you would view your workflow events at:
Select the record that applies to the alert you want to review, click on the Workflow Rule entity, and select “Focus Filter on Entity.” Instead of sharing, tagging or annotating all the sub-records associated with an event, you now need to annotate the workflow record only once with tags and comments without losing time or traceability.
Once you set your filter on the Workflow Rule GUID, you will see the records that were responsible for the rule match. Notice that the Workflow rule is appended to the record and the record is tagged as “Alert Sent.”
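An added sketch of the windowing idea described above (not DigitalStakeout's code; the data model, field names and GUID placeholders are assumptions): matches are grouped per policy GUID and notify window, so each window yields one combined notice, while every underlying record keeps the rule GUID and an "Alert Sent" tag for traceability.

```python
from collections import defaultdict
from datetime import datetime, timedelta

EPOCH = datetime(1970, 1, 1)

# Constructed sample matches: (timestamp, policy GUID placeholder, matched record).
MATCHES = [
    (datetime(2024, 1, 1, 9, 5), "policy-guid-A", "new account: @brand_support1"),
    (datetime(2024, 1, 1, 9, 20), "policy-guid-A", "new account: @brand_help"),
    (datetime(2024, 1, 1, 9, 50), "policy-guid-A", "new account: @brand_care"),
    (datetime(2024, 1, 1, 10, 10), "policy-guid-A", "new account: @brand_team"),
    (datetime(2024, 1, 1, 9, 30), "policy-guid-B", "new domain: brand-login.example"),
    (datetime(2024, 1, 3, 14, 0), "policy-guid-B", "new domain: brand-pay.example"),
]

def window_start(ts, window):
    """Floor a timestamp to the start of its notify window (aligned to the epoch)."""
    return EPOCH + ((ts - EPOCH) // window) * window

def build_digests(matches, window, tag="Alert Sent"):
    """Return one combined notice per (policy GUID, window) instead of one per match."""
    # The post gives the allowed range as 1 hour through 1 week.
    if not timedelta(hours=1) <= window <= timedelta(weeks=1):
        raise ValueError("notify window must be between 1 hour and 1 week")
    buckets = defaultdict(list)
    for ts, guid, record in matches:
        buckets[(guid, window_start(ts, window))].append(record)
    digests = []
    for (guid, start), records in sorted(buckets.items()):
        digests.append({
            "policy_guid": guid,
            "window_start": start,
            "window_end": start + window,
            "count": len(records),
            # Each sub-record carries the rule GUID and tag, so one annotation
            # on the digest still traces back to the records behind it.
            "records": [{"record": r, "workflow_rule": guid, "tags": [tag]}
                        for r in records],
        })
    return digests

if __name__ == "__main__":
    for label, win in (("1 hour", timedelta(hours=1)), ("1 week", timedelta(weeks=1))):
        digests = build_digests(MATCHES, win)
        print(f"{label}: {len(MATCHES)} matches -> {len(digests)} notices")
```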
Once you have this feature in full use, you will be able to separate hundreds of intelligence and threat detection actions and review them at the pace and in the context you want!
If you would like a detailed demo of this feature and the depth of our out-of-the-box digital risk protection policies, please Contact Us and a member of the DigitalStakeout team will get back to you immediately.