The number of false positive security alerts is staggering. Here's what you can do to reduce yours

3 months ago 33

Nearly fractional of each cybersecurity alerts are mendacious positives, and 75% of companies walk an adjacent magnitude of time, oregon more, connected them than connected existent attacks, a Fastly/ESG study reveals.


Image: iStock/kanawatvector

For companies that person made the leap to the unreality and API-driven satellite of modern computing, today's cybersecurity models are causing much headaches than they're worth, to the tune of 46% of each exertion downtime being caused by mendacious positives.

The report from borderline computing institution Fastly and the Enterprise Strategy Group recovered that 75% of businesses spent arsenic much, oregon more, clip chasing mendacious positives than they did dealing with existent information incidents. 

SEE: Security incidental effect policy (TechRepublic Premium)

Cloud and API-based applications marque information acold much analyzable than it was successful the epoch of on-premise computing, made evident by the mean of 11 web app and API information tools costing the emblematic concern adjacent to $3 cardinal a year. Those tools, the study said, are ineffective and mostly impede maturation owed to the information that a information alert has a adjacent 50/50 accidental of being false. 

The study describes the existent authorities of information software arsenic "a patchwork of incompatible tools" added erstwhile caller unreality vendors are brought onboard, owed to input from developers oregon different squad members, during attempts astatine modernizing app architecture oregon simply due to the fact that the institution felt that it was much unafraid to person much tools successful place. 

Regardless of the crushed for its acquisition, those tools person failed to enactment for galore companies, starring to them either moving successful log and show mode (in 53% of cases), being disabled wholly (12%) oregon some of the supra (26%). All successful all, that's 91% of businesses disabling oregon reducing the capabilities of their information bundle successful effect to excessively galore mendacious positives.

How to forestall mendacious cybersecurity positives

There are a batch of antithetic methods for getting escaped of mendacious positives, though the study does marque 1 proposition supra each others: Purchase and usage a single, unified solution designed for modern unreality and API information needs. Only 1% of respondents surveyed were already doing so, though 93% said they program to, oregon were funny in, doing truthful themselves. 

Adopting a unified merchandise that integrates with different tools, provides API visibility, uses behavioral-based blocking, continuously updates and covers aggregate architectures is important, but Fastly's elder rule of merchandise technology, Kelly Shortridge, said that tools aren't the be-all and end-all of cybersecurity: It's successful however you usage them.

Advanced tools aren't instant fixes, Shortridge said, citing the months oregon adjacent years it tin instrumentality to tune an AI oregon instrumentality learning information instrumentality to bash its occupation without generating mendacious positives and eating up worker time. "Before utilizing an opaque fancy mathematics solution, your squad (and the vendor itself) indispensable beryllium capable to lucidly place wherefore rules and deterministic logic are insufficient."  

Shortridge besides warns that collecting information successful an effort to amended information tin hinder conscionable arsenic overmuch arsenic help: If you don't person a extremity successful caput erstwhile tuning bundle oregon making a lawsuit for a definite approach, you're logging useless info.

"Any information you collect—and the metrics they drive—should beryllium straight tied to a known question with a known enactment that tin beryllium taken erstwhile it's answered," Shortridge said. Diminishing returns and squad burnout are 2 important factors to see erstwhile trying to process information into actionable metrics. "It's imperative that information teams see some adding and subtracting information to amended their decision-making and measurement not conscionable the benefits, but besides the losses to productivity and accidental costs that ingesting a information root tin enforce connected your organization."

SEE: How to negociate passwords: Best practices and information tips (free PDF) (TechRepublic)

Shortridge besides said that context, portion a soiled buzzword to some, is simply a cardinal portion of gathering a good, reliable information model. An lawsuit considered retired of discourse doesn't mean anything, she said, "which is wherefore choosing (or building) tools with thoughtful conditional logic tin assistance much accurately discern incidents wrong lawsuit data." 

Cybersecurity Insider Newsletter

Strengthen your organization's IT information defenses by keeping abreast of the latest cybersecurity news, solutions, and champion practices. Delivered Tuesdays and Thursdays

Sign up today

Also spot

Read Entire Article