3 Steps To Keep Down Security’s False-Positive Workload — Dark

Security needs to be better automated, but while detecting attackers is great, all too often automation means that security teams are left chasing down a list of security events that turn out not to be an attack but unexpected system, network, or user behavior.

These “false positives” are the bane of most machine-learning systems: Valid e-mail messages blocked by anti-spam systems, unexploitable software defects flagged by software analysis systems, and normal application traffic identified as potentially malicious by an intrusion detection system. First-generation security information and event management (SIEM) systems, for example, would often deliver lists of potential “offenses” to security teams, leading to a lot of work in wild goose chases, says Jay Bretzmann, market segment manager for security intelligence at IBM Security Systems.

via 3 Steps To Keep Down Security’s False-Positive Workload — Dark.
