Cybersecurity: There's no such thing as a false positive
2021-06-02 16:15

The topic of false positives in the security realm is one that's been on my mind lately as a harried system administrator.

The problem with false positives is twofold: they can make IT or security staff complacent, leading them to assume that what's happening is no big deal, and they can distract you from the real threats by making you chase down the smaller fish for little to no purpose.

I spoke about false positives with John Hammond, senior security researcher at Huntress, a cybersecurity solutions provider.

Hammond told me: "Last year was a wake-up call for so many organizations. We saw many issues with opening up remote desktop protocol to the internet as a band-aid approach to allow more productivity at home during the rapid shift to remote work. The silver lining is that it surfaced nuanced conversations about using security tools effectively. We are seeing a rising tide in the small business and value-added reseller communities. Though they need more attention when it comes to security resources and education, enterprises aren't immune either."

"In 2021, there's really no such thing as perfect tools or a false positive. If your security tool is alerting you, it's alerting you for a reason. Security controls aren't going to be tuned when you buy them, so organizations will need to learn how to adjust and modify them to meet their security and business needs."

By the same token, people are smarter than machines, and the moment the next great security tool is built, someone is immediately trying to tear it down. This just goes to show that humans are needed on the defensive side to respond to such threats.


News URL

https://www.techrepublic.com/article/cybersecurity-theres-no-such-thing-as-a-false-positive/#ftag=RSS56d97e7