In response to new research that indicates more than a quarter of security alerts fielded within organizations are false positives, cybersecurity experts offer perspective.
EXPERTS COMMENTS
James McQuiggan, Security Awareness Advocate, KnowBe4
March 18, 2020
Having a human pilot is always important to navigate through the data, whether it's with false positives or not.
False positives are always a concern when working with large amounts of data from various monitoring sources like network devices, endpoints and applications. An organization may flag an application only working during a specific time zone and if an outsourced company or employee is working in another time zone on the other side of the world, this would flag a false positive. Additionally, false positives are a result of system configurations from third parties not applicable to the organization's infrastructure. The amount of data collected will depend on the breadth of data surveyed and "how far the net is cast." If the cast is narrow, then the information is limited, but the false positive score could be lower versus a wider cast net where this can increase, but the need for more information is collected for analysis. Having a human pilot is always important to navigate through the data, whether it's with false positives or not. While time and resources are spent on dealing with the false positives, it's important for organizations to be able to train and educate the analysts to spot them quickly and move on with the real ones. You always need a pilot in a plane to deal with events that can occur and sometimes you want the pilot, like Sully. Your analysts will need to classify and verify to make sure the event is legitimate and actual before taking action.