Security tools are struggling to find a balance between aggressively acting against suspicious behaviors and flagging normal work-related activities as potential threats, according to an article in CPO Magazine. While blocking potential hacks is critical, enforcing overly restrictive rules can result in huge numbers of false negatives, forcing cybersecurity professionals to spend large portions of their time reviewing these reports for no added benefit, and locking general employees out from data or utilities that they need to perform their day-to-day tasks.
To help minimize these false positives, organizations need to investigate the role of tool automation and machine-learning, to help assist in reviewing events for unusual or unexpected behaviors. By doing so, the number of events incorrectly flagged can be reduced, freeing up cybersecurity resources for investigation of more complex cases or other critical tasks, without compromising the level of overall security.
Source:
