The cost of false positive alerts, and how to avoid alert fatigue
By BUFFERZONE Team, 7/10/2022
Deception is one of the oldest war tactics, used since the times of the ancient Egyptians and Greeks. One of the most popular forms of deception is diverting the enemy’s attention by giving the impression of an attack outbreak at one place, forcing the enemy to concentrate his resources there, then attacking on a different front.
The latest example of such tactics came earlier this month (September 2022), when Ukraine reported that it had recaptured large parts of its occupied territory in the east-Ukraine Kharkov region. This was achieved by a lightning counteroffensive after the Russians were made to believe that the attack would take place in south Ukraine, causing them to reinforce in the South and leave the eastern front exposed.
Cybercriminals use similar tactics to deceive and occupy security experts. One popular practice is flooding security teams with false-positive alerts and easily resolved, limited attacks. These weak attacks serve to occupy the time and attention of system administrators, leaving the organization vulnerable to the real attack.
A survey conducted by FireEye among C-level security executives at large enterprises worldwide discovered that 37 percent reported that they receive more than 10,000 alerts each month. Of those alerts, more than half (52%) were false positives.
Research conducted by Invicti concluded that security teams spend nearly 10,000 hours annually checking unreliable vulnerability reports. This lost time could cost enterprises as much as half a million dollars annually.
High levels of false positives can lead to what is known as “alert fatigue”. In practice, this means security analysts waste time and resources on noise while the real threat goes unnoticed.
BUFFERZONE Safe Workspace dramatically eliminates the costs associated with alerts and false positives coming from the most common and risky attack vectors, such as web browsing, emails and external storage devices.
With BUFFERZONE Safe Workspace, threat sources are proactively isolated in a virtual container, substantially reducing risk, until content is disarmed of risky elements. This also enables security experts to lower the risk priority of alerts coming from contained applications. These alerts are not considered a significant threat, enabling MSSPs and system managers to focus their efforts on protecting organizations from other critical attack vectors.
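As an added illustration of the re-prioritization described above (example code written for this post, not BUFFERZONE's own implementation), the following Python snippet downgrades alerts whose source application ran inside an isolation container and shows how that shrinks the queue an analyst must handle urgently. The `contained` field and the sample alerts are assumptions.

```python
"""Context-aware alert triage: alerts raised by applications running inside an
isolation container are treated as lower priority than the same alerts from
unisolated processes (example code, not BUFFERZONE's implementation)."""

SEVERITY_RANK = {"low": 0, "medium": 1, "high": 2, "critical": 3}
RANK_TO_SEVERITY = {rank: name for name, rank in SEVERITY_RANK.items()}

# Constructed sample alerts. The "contained" flag is a hypothetical field that an
# isolation product would stamp on events coming from containerized applications.
SAMPLE_ALERTS = [
    {"id": 1, "source": "browser", "severity": "high", "contained": True,
     "rule": "executable downloaded from untrusted site"},
    {"id": 2, "source": "mail-client", "severity": "medium", "contained": True,
     "rule": "macro-enabled attachment opened"},
    {"id": 3, "source": "erp-service", "severity": "high", "contained": False,
     "rule": "outbound connection to unknown host"},
    {"id": 4, "source": "usb-autorun", "severity": "critical", "contained": True,
     "rule": "unsigned binary executed from removable media"},
]


def adjusted_severity(alert, downgrade_steps=2):
    """Lower the severity of a contained alert by downgrade_steps levels,
    never below 'low'; alerts from unisolated sources keep their severity."""
    rank = SEVERITY_RANK[alert["severity"]]
    if alert.get("contained"):
        rank = max(0, rank - downgrade_steps)
    return RANK_TO_SEVERITY[rank]


def triage(alerts, downgrade_steps=2):
    """Return alerts as (adjusted severity, id) pairs, most urgent first."""
    queue = [(adjusted_severity(a, downgrade_steps), a["id"]) for a in alerts]
    return sorted(queue, key=lambda item: (-SEVERITY_RANK[item[0]], item[1]))


def analyst_load(alerts, threshold="high", downgrade_steps=2):
    """Count alerts at or above threshold before and after re-prioritization,
    i.e. how many an analyst must look at urgently."""
    floor = SEVERITY_RANK[threshold]
    before = sum(SEVERITY_RANK[a["severity"]] >= floor for a in alerts)
    after = sum(SEVERITY_RANK[adjusted_severity(a, downgrade_steps)] >= floor
                for a in alerts)
    return before, after


if __name__ == "__main__":
    for severity, alert_id in triage(SAMPLE_ALERTS):
        print(f"alert {alert_id}: {severity}")
    print("urgent alerts before/after:", analyst_load(SAMPLE_ALERTS))
```

With the sample data, three alerts start at high or critical, but only the one from an unisolated service stays urgent after the contained alerts are downgraded.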
By eliminating the need to waste time and effort on false positives, your organization can continue to work without disruption, enabling security teams to focus on the risks that really matter.