Description
Hey team, I was going through the Scan for vulnerabilities in the cloud catalog, and it made me realize that there is a catch-22 in using security tools to reduce the threat (i.e., resource consumption).
I am thinking about this purely from a resource standpoint: we need the tools to reduce the threat, but the tools themselves consume resources in the context of green software, so there's a cost to pay. We could agree that the price is worth paying, but I would also love to discuss this from GSF's POV.
Points across the web
Moreover, EDR solutions can strain system resources, impacting device performance. As these solutions continuously monitor and analyze a massive amount of endpoint data, they require a substantial amount of processing power and memory, which could slow down system performance.
Another limitation is the Management Overhead associated with EDR systems. Once deployed, EDR systems require ongoing management and maintenance to ensure they remain effective. This includes monitoring alerts, investigating incidents, and updating policies and configurations. The volume of alerts generated by EDR systems can be overwhelming, requiring security teams to sift through large amounts of data to identify genuine threats.
This can be time-consuming and resource-intensive, requiring skilled security personnel. Furthermore, the management of EDR systems requires continuous learning and adaptation, as the threat landscape is constantly evolving. Organizations need to invest in training and development to ensure their security teams have the necessary skills to manage EDR systems effectively.
The high volume of false positives can also make it difficult to identify genuine threats, as security teams may become desensitized to alerts. Organizations need to fine-tune their EDR systems to minimize false positives and to develop procedures for handling alerts effectively.
Source - sustainability-directory.com
Discussions
Summarising
- High volume of data generation.
- Nested effects of false positives, alerts, and use of communication channels (more data).
- Use of AI-based solutions adds to more data gathering and classification.
All of these suggest that the security tools themselves might consume resources.
What am I suggesting?
- A new point in the "Assumption" section to consider the resource consumption of the tools themselves, or at least the cons of choosing security tools. Additionally, ask the user to carefully evaluate the cost of said tools.
- Possibly, further research on this to validate the claims with a more well-rounded study.
Would love to hear from SMEs about this.
Disclosure: I do not work in the security space; however, I believe the argument is very generic and can be applied to other areas as well, so a dialogue about this can be beneficial.