False positives … those annoying notifications that make you panic at first, but after further investigation, turn out to be nothing to worry about. Initially, they seem like a minor inconvenience but what happens when you have hundreds, or even thousands of them occurring every day and you find yourself wasting 75% (or more) of your time on them?
Unfortunately, this is exactly what’s happening to cyber-security analysts in Security Operation Centers all over the world who are following a traditional, reactive approach to security threat monitoring. Within most SOCs, false positives are a major problem not only because they take up time and resources to address, but also because they distract security analysts from dealing with legitimate security threats.
Leave a reply
