silversurfer

More than a quarter of security alerts fielded within organizations are false positives, according to new research from the Neustar International Security Council (NISC).

The NISC surveyed senior security professionals across five European markets and the US, highlighting the risks of alert fatigue currently being faced by businesses around the world.

As detailed in the research, more than two-fifths (43%) of organizations experience false positive alerts in more than 20% of cases, while 15% reported more than half of their security alerts are false positives.

The survey also revealed that enterprises, in response to growing cybersecurity threats, are investing more resources in network monitoring and threat intelligence technologies that create more alerts – and thus more false positives – for security teams.

“Security tools that simply produce large quantities of data to be analyzed, without contextualizing potential threats, are contributing to data overload, alert fatigue and burnout,” said Rodney Joffe, chairman of the NISC and SVP and fellow at Neustar.

“Cybersecurity teams are increasingly drowning in data and are overwhelmed by the massive volume of alerts, many of them false positives. To ensure these high-value employees in mission critical roles are well-equipped to separate the signal from the noise, enterprises need a curated approach to security data that provides timely, actionable insights that are hyper relevant to their own organization and industry.”

Curated threat data helps enterprises to counter real threats more effectively and spend less time chasing false positives, Joffe concluded.
show-Zi

In the past, I used a small free utility program to adjust the registry. It was a program created by individuals as a hobby, and many people loved it. At one point, Symantec detected the software as a virus, and users began complaining and growing suspicious. The author seems to have contacted Symantec for a correction, but Symantec did not immediately recognize it as a false positive. The author, tired of those negotiations and user inquiries, stopped updating and releasing this software.

I think it is a difficult problem.
BVLon

It’s either false positives or false negatives. Which one do you consider being worse?
BVLon

This can be a killer for a business :)
For a home user it's nothing obviously, I infect my PC on a daily basis and it's fun. But imagine Dridex in a business environment stealing the financial data of all customers... it spells a dreadful penalty at the very least. So again, which one do you consider worse?

Oh, you've already said this is worse lol... just now I realised :D
venustus

This can be a killer for a business :)
For a home user it's nothing obviously, I infect my PC on a daily basis and it's fun. But imagine Dridex in a business environment stealing the financial data of all customers... it spells a dreadful penalty at the very least. So again, which one do you consider worse?
Agreed, much worse for business..!
Both are bad but I would still consider a false positive the best of both evils:)
BVLon

Agreed, much worse for business..!
Both are bad but I would still consider a false positive the best of both evils:)
I personally would examine the quality of the false positive. If it's some Chinese dating program detected as a threat, that's absolutely tolerable for me, considering I am not even in China. But if it's a known Windows, Chrome or other popular software's module, either they whitelist the file RIGHT NOW or they refund me the price I've paid for the product. The choice is theirs.