Stop Alert Fatigue: Delivering Time and Assurance to the SOC Team
In his talk from Black Hat USA 2025, A10 Networks security expert Jamison Utter challenges the conventional approach to security alerting and automation. He argues against the "magic AI" hype and champions a model where intelligent systems augment human analysts, rather than overwhelming them.
Jamison highlights the critical process of filtering security data to deliver real value to the SOC team.
Key Discussion Points:
- The Problem with Alert Volume: Utter points out that many security products pass along alerts that are "useless, meaningless, or have no value," contributing to massive alert fatigue for SOC teams.
- Triple-Checked Alerts: The A10 approach emphasizes that an internal SOC processes alerts and triple-checks them before sending them to the customer's team. This critical filtering step ensures only genuine, actionable alerts are forwarded.
- Humans in the Loop (HITL): The model is based on having humans in the loop to validate complex "corner cases" and false positives. If a false positive occurs, the customer can provide context, the system is immediately fixed, and the issue is never seen again.
- Delivering Value: The goal of modern security technology should be to "give you back time, and assurance" by allowing security professionals to worry less about noise and focus on "when something bad actually happens."
Speaker: Jamison Utter, A10 Networks Security Expert
Event: Black Hat USA 2025
Learn more ➡️ https://bit.ly/484eDw6