Fingerpointing False Positives: How to Better Integrate Continuous Improvement into Security Monitoring presented at CyberCrimeCon 2019

by Desiree Sacher

Summary: This talk explains how to bring intelligence back to security monitoring. In security event management, all alerts are usually reviewed and classed as either true positive or false positive. The solution presented goes beyond that old classification model and describes ways to document the company's security state that help initiate improvement steps, without the need to purchase yet another product. By updating the analysis process, you will not only improve the company's security efficiency but also make a difference in analyst motivation by eliminating false alarms as part of a structured approach.