FINAL WORD
False negative vs false positive: How can Next-generation SIEM help?
There is no doubt modern-day hackers are able to evade the preventative and detective measures of both new and old security infrastructures. However, as Ross Brewer, VP and MD EMEA at LogRhythm, tells us, technology such as Artificial Intelligence can advance the science of threat detection.
Today's organisations are facing a different calibre of cyberthreat. Modern-day hackers are able to evade the preventative and detective measures of both new and old security infrastructures and are, unfortunately, a daily likelihood for security teams.

They are dealing with a class of threats that leverage zero-day exploits, develop targeted and stealthy malware, or operate from within the perimeter as a malicious insider or imposter.

The difficulty for organisations in detecting this class of threat is finding the right balance between false negative risk and false positive frequency. However, technology such as Artificial Intelligence (AI) can advance the science of threat detection, accelerating both its speed and its accuracy while reducing the false positive volume that is the bane of every security operations centre.
False negative vs. false positive
A false negative is a security incident that was not detected in a timely manner. For example, a phishing attack resulting in a compromised user account that goes unnoticed by the security team until more damage occurs. A false positive, on the other hand, is an alarm generated by security systems that indicates a security incident has likely occurred when, in fact, everything is normal.
Enterprises must find their own balance when it comes to false negative risk versus false positive frequency. Realistically, organisations that want to reduce false negative risk will need to accept increased false positive frequency and staff their security operations centre appropriately.
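The trade-off described above, as an added worked example that is not the article's or LogRhythm's own code: a threshold sweep over one constructed day of detector scores, showing that every false negative you remove by lowering the alerting threshold arrives as additional false positives that an analyst must triage. The scores, the event counts and the triage capacity of ten alarms per analyst per day are constructed assumptions.

```python
import math
from dataclasses import dataclass

# Constructed sample: one day of scored events from a hypothetical detector
# (higher score = more suspicious). Six are real incidents, forty are benign.
INCIDENT_SCORES = [95, 88, 72, 61, 45, 30]
BENIGN_SCORES = [2 * i for i in range(40)]          # 0, 2, ..., 78
EVENTS = [(s, True) for s in INCIDENT_SCORES] + [(s, False) for s in BENIGN_SCORES]


@dataclass
class Outcome:
    threshold: int
    true_positives: int
    false_negatives: int   # incidents the detector stayed silent on
    false_positives: int   # benign events that raised an alarm
    analysts_needed: int   # headcount required to triage every alarm that day

    @property
    def false_negative_rate(self) -> float:
        incidents = self.true_positives + self.false_negatives
        return self.false_negatives / incidents if incidents else 0.0


def evaluate(events, threshold, triage_capacity):
    """Classify every event against one alerting threshold (score >= threshold alarms)."""
    tp = sum(1 for s, inc in events if inc and s >= threshold)
    fn = sum(1 for s, inc in events if inc and s < threshold)
    fp = sum(1 for s, inc in events if not inc and s >= threshold)
    alarms = tp + fp
    return Outcome(threshold, tp, fn, fp, math.ceil(alarms / triage_capacity))


def sweep(events, thresholds, triage_capacity=10):
    """Lower thresholds cut false negative risk but raise false positive volume and staffing."""
    return [evaluate(events, t, triage_capacity) for t in thresholds]


if __name__ == "__main__":
    for o in sweep(EVENTS, [80, 50, 25]):
        print(f"threshold {o.threshold:>3}: FN={o.false_negatives} "
              f"(rate {o.false_negative_rate:.0%}), FP={o.false_positives}, "
              f"analysts needed={o.analysts_needed}")
```

With the constructed data, driving false negatives from four down to zero raises daily false positives from none to 27 and the triage headcount from one analyst to four.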
Unfortunately, some vendors sell AI and Machine Learning (ML)-based behavioural anomaly detection as an easy button for advanced threat detection and false positive reduction. The silver bullet story is too good to be true and organisations that believe it's easy are in for an unfortunate reality check – likely to be realised in the form of a high-impact and embarrassing data breach.
www.intelligentcio.com