Australia Post Builds AI to Sort Through Security Alerts
TechiTnews, published May 26, 2026


Every SOC team drowns in alerts. Thousands per day. Most of them noise. Australia Post felt that pain too, so they decided to build their way out. They partnered with Alpha Level, a startup that knows ML, to co-develop two models that could actually tell the difference between a real threat and a false alarm that wastes everyone's time.

Here's the thing though — they're not just building this in a lab and hoping it works. They're running it in production right now, which means real incidents are getting sorted by these models before humans see them. That's either really smart or a bit terrifying depending on how you look at it. The models learn from their actual incident queue, which means they get better at spotting what their specific environment treats as critical versus noise.

Why does this matter? Because alert fatigue kills security programs. When your team is buried under five thousand alerts a day, they miss the actual attacks. If these models can cut that down by even half, suddenly your SOC can actually do their job instead of just clicking through tickets like robots.

How to Improve Your Alert Management — Step by Step

For SOC teams and security engineers

  1. Audit your current alert volume. Count how many alerts your team receives daily and track which ones get actioned versus ignored.
  2. Baseline your noise. Identify patterns in false positives specific to your environment — VPN logins, scheduled backups, known scanner activity — and suppress them at the source.
  3. Implement alert tuning rules. Use your SIEM or security platform to adjust thresholds and correlation rules so only high-confidence events generate alerts.
  4. Consider ML-assisted prioritization. If your team is drowning, explore tools or partnerships (like Australia Post did) that use machine learning to rank incidents by likelihood of being real threats.
  5. Measure before and after. Track time-to-detection, time-to-response, and analyst burnout metrics to see if your changes actually reduce noise without missing real attacks.

Summary: Alert fatigue destroys security teams. Start by measuring your noise, eliminate false positives at the source, then consider ML-assisted prioritization if you need it.
