The Truth About False Positives in Security

2022-08-09 12:18

TL;DR: As weird as it might sound, seeing a few false positives reported by a security scanner is probably a good sign and certainly better than seeing none.

Ask the security team behind any SIEM what their biggest operational challenge is, and chances are that false positives will be mentioned.

Which one is worse, too many false positives or too many false negatives?

There is also another reason why false positives might in fact be an interesting signal too: security is never "All white or all black".

"Due to the nature of the software we write, sometimes we get false positives. When that happens, our developers can fill out a form and say,"Hey, this is a false positive.

False positives cause alert fatigue and derail security programs so often that they are now widely considered pure evil.

News URL

https://thehackernews.com/2022/08/the-truth-about-false-positives-in.html

#security