False Positives: The Cure is Worse than the Disease


Even after deploying SOAR, SIEM, IDPS, and similar tooling to gain better security visibility, SOC teams are often overwhelmed by the high volume of low-fidelity alerts their security controls generate. This paper examines why the number of false positives keeps growing and the risky practices SOC teams adopt to keep their heads above water, such as suppressing or ignoring alerts they lack the capacity to triage. Rather than hoping that an ignored alert will not turn out to be a costly breach, organizations need to automate threat detection in a way that raises alert fidelity, so that analysts spend their time on the alerts that matter.