When False Positives Waste Tech Team’s Time

By Karen A. Frenkel  |  Posted 09-06-2016
As organizations struggle to enact a strategy that helps detect and prevent security threats, too many false positives burn up time and energy in IT departments.
Out-of-the-Loop C-Level Execs

34% of surveyed security pros said CEOs and other C-level executives are in the dark about cyber-attacks against their companies. But 63% admit their companies have been victimized by one or more advanced attacks during the past 12 months.
Necessary Intelligence Lacking

39% of respondents do not believe their company has the necessary intelligence to convince the C-suite about the threats the company faces.
Some Slow to Detect Attacks

21% of respondents say it took them between 1 and 2 years to detect an attack, and 21% took from 1 to 6 months to contain the breach.
Others Discover Attacks Within Hours

30% of companies discovered an attack 1 to 8 hours after it occurred, and 28% contained a breach within 1 to 8 hours.
Malware Remains a Challenge

68% of respondents say their security team spends a significant amount of time chasing false positives of malware attacks.
More About False Positives

On average, 29% of all malware alerts are investigated, and on average 40% are false positives. Only 18% of respondents say their malware detection tool tells them the risk level of each incident.
Wide Range of Security Budget Expectations

The average cyber-security budget is $16 million, 34% of which will be allocated to incident response efforts. 50% of respondents say their budget will remain the same this year, 37% expect it to increase, and 13% expect it to decrease.
Activity Blindness Across Networks

67% of companies "lack visibility of threat activity" across their network.
Dearth of Expertise

63% of respondents cannot prioritize threats. 55% lack in-house expertise.
Unnecessary Re-imaging of Endpoints

51% of respondents re-image endpoints based on malware detected in the network, and 33% of these re-images are done without knowing whether the endpoint was actually infected. Re-imaging is the time-consuming process of wiping a device's contents and reinstalling everything on it.

C-level executives are "completely in the dark" about cyber-attacks against their companies, yet IT professionals revealed that their organizations have been victims of advanced attacks during the past 12 months. Many security pros do not believe their company has the necessary intelligence to convince the C-suite about the threats the company faces, and they are also misled by false positives.

The study, "The State of Malware Detection and Prevention in 2016," surveyed 597 IT and IT security practitioners in the United States who are responsible for directing cyber-security activities or investments within their organization. The Ponemon Institute conducted the study for Cyphort, which offers enterprise defense solutions.

Larry Ponemon, chairman and founder of the institute that bears his name, said, "Companies are still struggling to have a strategy to prevent and detect malware and advanced threats. One recommendation is for organizations to significantly reduce the time spent on false positives and irrelevant threats in their network. The effective solutions are the ones that smartly combine next-generation network-based sandboxing and network behavior anomaly analysis."

Karen A. Frenkel writes about technology and innovation and lives in New York City.
