
What is a False Positive Alarm

A cybersecurity strategy is designed to keep an organization’s data and systems safe. This includes alerts whenever suspicious activity is observed, and usually also includes an automated response of blocking the attack.

Unfortunately, no security system is perfect, and false alarms will occur. In web application security, there are two types of error: false positives (legitimate traffic that is flagged or blocked) and false negatives (hostile traffic that is missed). It is important to try to minimize both types.

What Are False Positive Alarms?

False positives occur when a system identifies a threat, but there isn’t a “real” threat responsible for the trigger. False positives are often a byproduct of systems that are highly sensitive, or those that follow a positive security model, which disallows traffic by default and only allows traffic that has been whitelisted.

What Are the Consequences of a False Positive?

Although false positive alarms are not as potentially dangerous as false negatives, they can still have a variety of damaging effects:

  • Burdensome. The capacity of a team of admins can become strained if they’re forced to manually review and verify a continuous series of flagged HTTP/S requests.
  • White noise. More significantly, an abundance of false positives can create a blanket of white noise that makes it much harder to detect and proactively respond to real threats. If the admin team is constantly juggling false positives, they may find it more difficult to discern which triggers require further attention.
  • Team conditioning. False positives can also have an impact on the psychology of the team. If they’re forced to deal with false positives on a regular basis, they may become conditioned to disregarding red flags. Then, when a real threat emerges, they may feel confident dismissing it as a false positive, even when it is not. In some cases, this can result in missing an important alert; this is one factor that led to the infamous Target data breach in 2013.
  • Lost revenue. Traffic that is incorrectly blocked cannot result in sales or other forms of revenue.
  • Customer dissatisfaction. Legitimate customers who cannot access your web applications will be frustrated and possibly angry.
  • Damaged reputation. Frustrated and angry customers will damage your position in the marketplace.

How Can False Positives Be Reduced?

Simply put, false positive reduction requires better accuracy from the underlying threat detection algorithms.

Some of this relies on the training, skill, and diligence of the team that configures and administers the web security system. It is also becoming possible to increase the accuracy of the system automatically, by incorporating feedback into the system and using this to improve its results. For an example of this, see the “Leveraging New Sources of Data” section of this recent report on bot protection (which specifically discusses bot mitigation, but the principles apply to protection from other forms of hostile traffic).
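The following is an added illustration, not code from the original page or from any product it describes. It models a positive security model (default-deny, allowlist-only) filter, measures its false positives and false negatives against a handful of constructed, hand-labelled requests, and then shows the feedback loop described above: each request the team has reviewed as legitimate is turned into a conservative allow rule so the same traffic is no longer blocked while the attack payloads still are. All request samples, rule patterns and function names are assumptions made for this example.

```python
import re
from dataclasses import dataclass, field

# Constructed sample HTTP requests (not from the original page): (method, path, is_malicious)
SAMPLE_TRAFFIC = [
    ("GET", "/products?id=42", False),
    ("GET", "/products?id=42 OR 1=1", True),
    ("POST", "/checkout", False),
    ("GET", "/search?q=winter coat", False),   # legitimate, but no allow rule covers it yet
    ("GET", "/admin/../../etc/passwd", True),
    ("GET", "/search?q=<script>alert(1)</script>", True),
]

# Initial allow rules written by the admin team: (method, regex over the full request path)
INITIAL_RULES = [("GET", r"/products\?id=\d+"), ("POST", r"/checkout")]


@dataclass
class PositiveModelFilter:
    """Default-deny filter: a request passes only if some allow rule fully matches it."""
    allow_rules: list = field(default_factory=list)

    def is_allowed(self, method, path):
        return any(m == method and re.fullmatch(pattern, path) for m, pattern in self.allow_rules)

    def evaluate(self, traffic):
        """Compare decisions with the labels; return (false_positives, false_negatives)."""
        fp = [(m, p) for m, p, bad in traffic if not bad and not self.is_allowed(m, p)]
        fn = [(m, p) for m, p, bad in traffic if bad and self.is_allowed(m, p)]
        return fp, fn


def rule_from_false_positive(method, path):
    """Turn a request reviewed as legitimate into a conservative allow rule: the path is
    matched literally and each query value is generalised to a bounded alphanumeric-plus-
    space class, so payloads containing metacharacters (quotes, <, >, /) stay blocked."""
    base, _, query = path.partition("?")
    pattern = re.escape(base)
    if query:
        keys = [kv.split("=", 1)[0] for kv in query.split("&")]
        pattern += r"\?" + "&".join(re.escape(k) + r"=[\w ]{1,64}" for k in keys)
    return (method, pattern)


def tune_with_feedback(filt, traffic):
    """One feedback round: every confirmed false positive becomes a new allow rule."""
    fp, _ = filt.evaluate(traffic)
    for method, path in fp:
        filt.allow_rules.append(rule_from_false_positive(method, path))
    return filt
```

Running `tune_with_feedback` on the sample set removes the one false positive (the legitimate search) without admitting any of the labelled attacks, which is the trade-off the feedback loop is meant to improve.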
