Survey: security products send average large organizations 17K malware alerts per week, only 19% of which are reliable (Robert Lemos/Ars Technica)

For anyone who has freaked out when an antivirus alert popped up on their screen and spent time researching it only to find out it was a false alarm, a recent survey will hit home. A survey of information-technology professionals published on Friday found that the average large organization has to sift through nearly 17,000 malware alerts each week to find the 19 percent that are considered reliable. The efforts at triage waste employees’ time—to the tune of a total estimated annual productivity loss of $1.3 million per organization. In the end, security professionals only have time to investigate four percent of the warnings, according to the survey conducted by the market researcher Ponemon Institute.

The survey results show the problems posed by security software that alerts for any potential threat, says Brian Foster, chief technology officer of network-security firm Damballa, the sponsor of the research. “At the end of the day, all of these security products are spitting out more alerts than humans have time to deal with,” Foster said. “And at the end of the day, if your software is overwhelming the analysts, you are part of the problem, not part of the solution.”

The deluge of unreliable alerts—a problem known in the industry as “false positives”—is a well-known issue for many types of security systems. Typically, security-conscious users and IT security professionals have a choice: turn on more features in their security products and deal with the increased alerts or disable features and risk missing a real attack. Unfortunately, companies often choose the latter.

But even when security professionals choose the most stringent options, the increase in unreliable alerts overwhelms users and those responsible for IT security. Instead of investigating every warning, they are trained to ignore the warnings. In 2013, for example, when cybercriminals broke into Target’s systems and loaded malware, the company’s FireEye security system issued an alert for the activity, but the company ignored the alerts. As a result, a District Court judge in Minnesota has given the go-ahead for banks to sue the retailer