Tools & Techniques for False Positive Analysis
For blue teams and network defenders, false positives are a common challenge and often result in alert fatigue. One consequence of alert fatigue, according to a study conducted by the Cloud Security Alliance, is that 31.9% of IT security professionals ignore alerts. Paul Asadoorian and Matt Alderman will discuss the challenges of alert overload and false positives, and the strain they place on security teams. Tarik Saleh, Senior Security Engineer at DomainTools, will explore areas where blue teams can identify false positives, methods of validating alerts, and real-world applications of these methods, including exploit kits and drive-by malware.