Threat Intelligence Blog

Posted June 28, 2017

Businesses face a wave of security threats on a regular basis, and the tide continues to rise. Even as detection technology gets more advanced, and more enterprises invest in internal IT security staff, keeping up with the threat landscape can be daunting.

Aggravating cybersecurity efforts is the issue of false positives, which is when normal or non-threatening activity is mistakenly identified as anomalous or malicious. While falsely identifying activity as a threat seems harmless, it’s actually a major problem; just ask any security professional who has to deal with these false alarms on a daily basis.

Even a single rule that causes false positives can result in thousands of alerts that need to be investigated, so imagine how many false positives occur from multiple rules. And if your analysts are constantly evaluating false alerts, they aren’t able to spend the proper time working on legitimate alerts.

What’s worse, security teams fatigued by rules that cry wolf often ignore or disable problematic alerts, which exposes businesses to legitimate threats.

The Staggering Cost of False Positives

How prevalent are false positives? According to a Ponemon Institute report, organizations receive an average of 17,000 malware alerts a week, and just 19% are considered reliable. Enterprises spend $1.3 million a year investigating false positives, which equates to nearly 21,000 hours of wasted time.

In addition, other issues include:

  • Prevention tools miss 40% of malware infections in a typical week
  • Security personnel only investigate 4% of alerts because of the volume of false positives
  • 60% of security personnel say the severity of malware infections has increased
  • Only 41% of organizations have automated tools that capture threat intelligence and evaluate the true threat of malware

False positives carry a hefty cost for an organization’s finances and personnel. And security teams are still left to sift through massive amounts of data, trying to determine what’s a threat and what’s not.

The issue comes down to two primary problems:

  1. Technology that doesn’t properly recognize real threats
  2. Fatigued security personnel that don’t have the time or expertise to effectively analyze data

Help in Eliminating False Positives

Automation can be the answer to combating false positives. An automated tool conserves your most valuable resource, your analysts’ time, by identifying and automatically blocking known threats before they enter your network.

The right threat mitigation tool can improve an organization’s security posture. A platform that automatically blocks malicious traffic aids an organization’s security personnel and enhances their ability to respond effectively to cybersecurity threats. Security analysts can mitigate threats in real time by pinpointing action toward a specific host or application, instead of worrying about the complexity of changing rulesets or wasting time on false positives.

Threat mitigation is becoming increasingly complex, and even well-staffed security teams can’t keep up with the myriad attacks on a network from various sources. The best solution is a threat mitigation product that can identify and automatically block known threats such as malicious URLs, phishing URLs, and malicious command and control in real time, while empowering security teams to respond quickly and effectively.
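As an added illustration (not code from the original post or from any LookingGlass product), here is the triage step the paragraphs above describe, in Python: outbound URLs are matched against a threat-intelligence feed, high-confidence known-bad hits are blocked automatically, lower-confidence hits go to an analyst queue, and an allowlist keeps a known false-positive source from ever triggering an automatic block. The indicator feed, the allowlist, the proxy log lines and the 80-point threshold are all constructed for the example.

```python
# Added example with constructed data (not the post's own code): indicator triage that
# auto-blocks high-confidence known-bad URLs and queues everything else for an analyst.
from dataclasses import dataclass
from typing import Optional, Tuple
from urllib.parse import urlparse

@dataclass(frozen=True)
class Indicator:
    value: str       # bare hostname, or a full URL for URL-level indicators
    kind: str        # "c2", "phishing" or "malware_url"
    confidence: int  # 0-100, as published by the (constructed) feed

INDICATORS = [  # constructed feed
    Indicator("c2.example-bad.test", "c2", 95),
    Indicator("http://login.example-phish.test/verify", "phishing", 90),
    Indicator("cdn.example-shared.test", "malware_url", 40),  # shared infrastructure
]
ALLOWLIST = {"cdn.example-shared.test"}  # constructed: a known false-positive source
AUTO_BLOCK_THRESHOLD = 80               # assumed policy: auto-block only at >= 80

def _matches(url: str, ind: Indicator) -> bool:
    """URL indicators must match exactly; hostname indicators match the URL's host."""
    if "://" in ind.value:
        return url == ind.value
    return (urlparse(url).hostname or "") == ind.value

def triage(url: str) -> Tuple[str, Optional[Indicator]]:
    """Return ('block' | 'review' | 'allow', matched indicator) for one URL."""
    host = urlparse(url).hostname or ""
    for ind in INDICATORS:
        if not _matches(url, ind):
            continue
        if host in ALLOWLIST or ind.confidence < AUTO_BLOCK_THRESHOLD:
            return "review", ind  # never auto-block noisy or low-confidence hits
        return "block", ind
    return "allow", None

def triage_log(lines) -> dict:
    """Tally outcomes over constructed proxy lines of the form '<ts> <src_ip> <url>'."""
    counts = {"block": 0, "review": 0, "allow": 0}
    for line in lines:
        counts[triage(line.split()[-1])[0]] += 1
    return counts

SAMPLE_LOG = [  # constructed proxy log
    "2017-06-28T10:00:01 10.0.0.5 http://c2.example-bad.test/beacon",
    "2017-06-28T10:00:02 10.0.0.7 http://login.example-phish.test/verify",
    "2017-06-28T10:00:03 10.0.0.9 http://cdn.example-shared.test/lib.js",
    "2017-06-28T10:00:04 10.0.0.9 http://www.example.test/",
]
```

Running `triage_log(SAMPLE_LOG)` yields two automatic blocks, one analyst review and one allowed request; the allowlisted CDN hit is logged for review rather than blocked, which is the point of the allowlist.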
