9 Ways to Eliminate SIEM False Positives
StratoZen, Inc.

Published On Nov 27, 2017

If you have a SIEM, or are about to implement one, then you are probably struggling with one of the biggest challenges in cybersecurity – false positives.
According to Cisco’s 2017 Security Capabilities Benchmark Study, only 28% of investigated security alerts turn out to be legitimate. But get this – because of “resource challenges” (also known as not enough people), 44% of security alerts aren’t even investigated! You can’t expect to catch cybersecurity issues when almost half are ignored!
https://blogs.cisco.com/security/cisc...
The reason this happens is false positives. Useless alerts often take the same amount of time to investigate as real ones. The traditional approach (which many MSSPs still use today) is to hire a huge team of people to attempt to review every alert. Given the survey results and recent cybersecurity headlines, how well do you think this works?
If you want to catch cybersecurity threats in your environment, you have to focus on eliminating false positives so that the security experts you do have can focus on remediating real problems. As we’ve seen, this is a process and technology issue; simply adding more people is not the solution. So in this video, our cybersecurity expert Erin goes through our top 9 tips for eliminating false positives in your SIEM environment.