What is the impact of false positive alerts on business compared to true positive?
A. True positives affect security as no alarm is raised when an attack has taken place, while false positives are alerts raised appropriately to detect and further mitigate them.
B. True-positive alerts are blocked by mistake as potential attacks, while false positives are actual attacks identified as harmless.
C. False-positive alerts are detected by confusion as potential attacks, while true positives are attack attempts identified appropriately.
D. False-positive alerts are manually ignored signatures to avoid warnings that are already acknowledged, while true positives are warnings that are not yet acknowledged.
False-positive alerts are triggered by benign or normal network traffic that is mistakenly identified as malicious. False positives can have a negative impact on business because they consume the time and resources of the security team that needs to analyze and verify them. True-positive alerts correctly identify malicious traffic or activity and require proper incident response procedures. True positives help the security team quickly detect and mitigate threats and minimize the damage to the organization.

References: Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) - Cisco, page 92; Cisco CyberOps Associate CBROPS 200-201 Official Cert Guide, page 98