
Why We Need To Reframe the False-Positive Problem


Jasper_The_Rasper
Moderator

Efforts to tune or build behavior- or signature-based threat identification require time and effort most organizations don't have.


January 5, 2022, by Matthew Warner


The concept of false positives has been pushed and pulled around for years in the cybersecurity industry. Countless vendor-sponsored studies reinforce the idea that false positives are directly contributing to the problem of alert fatigue. And as a security vendor, it's no surprise that one of the top burning questions on our customers' minds is, "What's our false-positive rate?"

There's no doubt that security analysts and IT admins are frustrated by a constant barrage of alerts. But false positives aren't solely to blame; the reason is largely due to poorly targeted detection logic. Without experienced teams and large datasets, targeting threat detection can result in large volumes of noise. And because the nature of administrative work can also overlap with attacker patterns, the effort to tune or build behavior- or signature-based threat identification requires time and effort that most organizations don't have.


>> Full Article <<
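To make the point about administrative activity overlapping attacker patterns concrete, here is an added illustration (not code from the article or the forum post): a constructed set of process-creation events scored by a broad rule and by a rule that adds environment context. The host names, users, command lines and the asset inventory are all assumed.

```python
"""Constructed example: broad detection rule vs. context-aware rule.

The events below are constructed, not real telemetry. Each is a
process-creation record with the fields a SIEM typically carries, plus a
ground-truth label that is only knowable because the data is made up.
"""
from dataclasses import dataclass


@dataclass
class Event:
    host: str
    user: str
    parent: str
    cmdline: str
    malicious: bool  # ground truth, available only for constructed data


# Constructed sample: routine admin account work plus one suspicious event.
EVENTS = [
    Event("jump01", "adm_jane", "explorer.exe", "net user svc_backup P@ss /add", False),
    Event("jump01", "adm_jane", "explorer.exe", "net localgroup administrators svc_backup /add", False),
    Event("jump02", "adm_raj", "cmd.exe", "net user tempcontractor X /add", False),
    Event("ws-114", "jdoe", "winword.exe", "net user helpdesk2 Winter2022 /add", True),
    Event("ws-207", "mlee", "explorer.exe", "net user /domain", False),
]

# Assumed environment knowledge: the hosts admins legitimately work from, and
# parent processes that should never be creating local accounts.
ADMIN_HOSTS = {"jump01", "jump02"}
OFFICE_PARENTS = {"winword.exe", "excel.exe", "outlook.exe"}


def rule_broad(e: Event) -> bool:
    """Any 'net user ... /add': matches the attacker pattern and every admin."""
    cmd = e.cmdline.lower()
    return "net user" in cmd and "/add" in cmd


def rule_targeted(e: Event) -> bool:
    """Same pattern, kept only when the context is wrong for admin work."""
    if not rule_broad(e):
        return False
    return e.host not in ADMIN_HOSTS or e.parent.lower() in OFFICE_PARENTS


def evaluate(rule, events):
    """Return (alerts, true_positives, false_positives) for a rule."""
    alerts = [e for e in events if rule(e)]
    tp = sum(e.malicious for e in alerts)
    return len(alerts), tp, len(alerts) - tp
```

The broad rule produces three alerts, two of them routine admin work; the targeted rule keeps the single genuine hit, but only because the asset inventory and parent-process knowledge it depends on exist, which is the data and tuning effort the post says most organizations lack.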
