Over a Quarter of Security Alerts Are False Positives

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,055
More than a quarter of security alerts fielded within organizations are false positives, according to new research from the Neustar International Security Council (NISC).

The NISC surveyed senior security professionals across five European markets and the US, highlighting the risks of alert fatigue currently being faced by businesses around the world.

As detailed in the research, more than two-fifths (43%) of organizations experience false positive alerts in more than 20% of cases, while 15% reported more than half of their security alerts are false positives.

The survey also revealed that enterprises, in response to growing cybersecurity threats, are investing more resources in network monitoring and threat intelligence technologies that create more alerts – and thus more false positives – for security teams.

“Security tools that simply produce large quantities of data to be analyzed, without contextualizing potential threats, are contributing to data overload, alert fatigue and burnout,” said Rodney Joffe, chairman of the NISC and SVP and fellow at Neustar.

“Cybersecurity teams are increasingly drowning in data and are overwhelmed by the massive volume of alerts, many of them false positives. To ensure these high-value employees in mission critical roles are well-equipped to separate the signal from the noise, enterprises need a curated approach to security data that provides timely, actionable insights that are hyper relevant to their own organization and industry.”

Curated threat data helps enterprises to counter real threats more effectively and spend less time chasing false positives, Joffe concluded.
 

show-Zi

Level 36
Verified
Top Poster
Well-known
Jan 28, 2018
2,463
In the past, I used a small free utility program to adjust the registry. It was a program created by individuals as a hobby, and many people loved it. At one point, Symantec detected the software as a virus, and users began complaining and becoming suspicious. The author seems to have contacted Symantec for a correction, but it was not immediately recognized as a false positive. The author, tired of those negotiations and user inquiries, stopped updating and releasing this software.

I think it is a difficult problem.
 

Antus67

Level 9
Verified
Well-known
Nov 3, 2019
413
Sad to say, false-positive alerts are part of today's security threats. "Cybersecurity teams are increasingly drowning in data and are overwhelmed by the massive volume of alerts, many of them false positives," as quoted above. What's the next step?
 

BVLon

It’s either false positives or false negatives. Which one do you consider being worse?
 

BVLon

This can be a killer for a business :)
For a home user it's nothing obviously; I infect my PC on a daily basis and it's fun. But imagine Dridex in a business environment stealing the financial data of all customers... it spells a dreadful penalty at the very least. So again, which one do you consider worse?

Oh you've already said this is worse lol... just now I realised :D
 

Venustus

Level 59
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Dec 30, 2012
4,809
This can be a killer for a business :)
For a home user it's nothing obviously; I infect my PC on a daily basis and it's fun. But imagine Dridex in a business environment stealing the financial data of all customers... it spells a dreadful penalty at the very least. So again, which one do you consider worse?
Agreed, much worse for business..!
Both are bad but I would still consider a false positive the best of both evils :)
 

BVLon

Agreed, much worse for business..!
Both are bad but I would still consider a false positive the best of both evils :)
I personally would examine the quality of the false positive. If it's some Chinese dating program detected as a threat, that's absolutely tolerable for me, considering I am not even in China. But if it's a known Windows, Chrome or other popular software's module, either they whitelist the file RIGHT NOW or they refund me the price I've paid for the product. The choice is theirs.
 
