Too many false positives in traditional security approaches

According to 62 per cent of IT professionals, traditional security approaches produce more alerts and false positives than their teams can handle.

This is among the findings of a new study from research firm Enterprise Management Associates (EMA), sponsored by machine learning and automation specialist Prelert. The same study finds that 25 per cent of organisations know they experienced a breach or significant cyber attack that caused a loss last year.

When asked how they felt about security analytics, 70 per cent of respondents said they either already invest in the technology or would do so if they had sufficient resources. Of the IT professionals already using security analytics, 95 per cent were confident in their ability to detect a security issue before it had a significant impact.

"Security analytics, though a relatively new field of technology, are the next step in detection and response technology. Machine-learning algorithms and analysis techniques have advanced far beyond the capabilities of what was available in the commercial markets only 2-3 years ago," says David Monahan, Research Director at EMA.

More than half of respondents (57 per cent) say that security analytics provides unique or specialised data for context, the data needed to identify today's stealthier security threats. Better data flexibility and adaptability to a wide range of requirements was cited by 36 per cent as the top reason for using analytics. Other reasons named were better data correlation and fidelity for crafting responses (36 per cent) and lowering false positives (29 per cent). A further 29 per cent see security analytics as a way to reduce incident response time.

'Alert blindness' on traditional systems continues to be a major issue. The 62 per cent who see too many false positives, or simply too many alerts to handle, say that as a result they do not feel confident in the security protections they have in place. Another 38 per cent say they are not confident because there is too much uncorroborated data and too little context about that data.

"Lack of knowledge about what is really a security threat and what needs your immediate attention is hurting the ability of IT security teams to understand and respond quickly and effectively," says Mike Paquette, VP of Security Products for Prelert. "Organisations need machine learning-based tools to cut through the clutter and detect threat activity before it becomes a problem for customers."

The full report, "Data Driven Security Reloaded", is available to download from the Prelert website.