CodeHunter Integration with SentinelOne Delivers Unparalleled Protection Against Malware Threats
CodeHunter has recently launched its integration with SentinelOne to provide customers with automated detection and analysis of advanced unknown malware threats.
CodeHunter and SentinelOne: Better Together (Website Administrator, 2024-06-26; updated 2026-03-04)
While it is crucial to err on the side of caution, the prevalence of false positives can have significant ramifications for cybersecurity teams and overall organizational efficiency. A false positive occurs when a security system incorrectly identifies benign activity as malicious. A cybersecurity system like an Endpoint Detection and Response (EDR) platform or a Secure Email Gateway (SEG) flags an activity as a potential threat based on predefined rules, patterns, and algorithms. Due to the ever-changing and complex nature of cyber threats, these rules and patterns are not foolproof. Many rely upon an updated catalog of known threats, leaving security teams dependent on information outside of their control. The National Vulnerability Database, for example, is so inundated with new threats that 75% of vulnerabilities submitted in 2024 have yet to be processed.
Consequences of False Positives
Resource Drain – Investigating false positives requires time and effort. Security teams often need to manually inspect and validate each alert, a time-consuming process. This diverts resources away from investigating genuine threats and proactive security measures.
Alert Fatigue – When security personnel are bombarded with false positives, they may become desensitized to alerts. This alert fatigue can cause legitimate vulnerabilities to be missed due to the sheer volume of flagged files to process.
Operational Disruption – Frequent false positives can lead to unnecessary disruptions in business operations. For example, when a legitimate file is flagged as suspicious, business productivity slows as the security team works through the more recent alerts before realizing there is no real cause for suspicion.
Reduced Trust in Security Systems – Over time, a high rate of false positives can erode trust in cybersecurity systems. Security personnel might start to ignore alerts, assuming they are false, undermining the effectiveness of their organization’s security infrastructure.
Causes of False Positives
Several factors contribute to the prevalence of false positives:
Overly Sensitive Detection Rules – Security systems with highly sensitive detection rules are more likely to flag benign activities as threats. While this sensitivity can help in detecting new or evolving threats, it also contributes to a greater alert workload.
Lack of Context – Many security systems operate without the full context of user behavior and organizational norms. Without this context, distinguishing between normal and abnormal file behavior becomes challenging.
Evolving Threat Landscape – The constantly changing nature of cyber threats means that detection rules need to be continuously updated. Maintaining this pace can be difficult, leading to outdated rules that misclassify activities.
Mitigating False Positives
Addressing the issue of false positives requires a multi-faceted approach:
1. Improving Detection Algorithms: Advanced machine learning and artificial intelligence can enhance the accuracy of threat detection systems. By learning from historical data and contextual information, these systems can better differentiate between legitimate and malicious activities.
2. Tiered Alerting Systems: Implementing a tiered alerting system can help prioritize alerts based on their severity and likelihood of being true positives. This approach allows security teams to focus their efforts on the most critical alerts first.
3. Regular Updates and Tuning: Continuously updating and tuning detection rules based on the latest threat intelligence can help minimize false positives. Security teams should routinely review and refine these rules to adapt to the evolving threat landscape.
The CodeHunter Solution
ISC2 notes that only 52% of cybersecurity professionals believe that their organization has the tools and people needed to respond to cyber incidents over the next 2 to 3 years. That’s not good news for security teams already struggling to keep up with the daily warnings generated. So, what can be done to make the influx of alerts more manageable?
It’s no secret that having an active cybersecurity defense system is necessary to protect organizations from rampant cyber threats. Platforms like SentinelOne scan company environments at scale, running pattern-matching algorithms with rules informed by publicly known threats, threat actors, and their tendencies. Unfortunately, this abundance of caution comes with an abundance of alerts, far more than the typical security team can handle. That’s where CodeHunter comes in. CodeHunter’s threat hunting engine automatically analyzes flagged files at scale and at speed, producing actionable intelligence in a fraction of the time it takes to manually reverse engineer malware. CodeHunter’s SentinelOne integration relieves security teams of the burden of investigating every warning to the fullest, supplying in-depth analysis to support timely response and remediation processes. Because CodeHunter doesn’t rely on pattern matching to identify malware, it properly assesses alerts raised by other systems to determine if the behavior is actually suspicious or just a false positive caught by an overly sensitive algorithm.
In today’s digital age, cybersecurity has become paramount for organizations of all sizes. The demand for cybersecurity professionals has surged dramatically due to the growing number and complexity of cyberattacks. But supply has not met demand, as cybersecurity is not a widely popular education choice and is commonly one of the most dropped majors in college. In 2023 there were roughly 4 million cybersecurity professionals needed worldwide. The profession needs to almost double to be at full capacity.
Adapting to the Cybersecurity Skills Gap (Website Administrator, 2024-06-13)
In the ever-evolving landscape of cybersecurity threats, phishing is one of the most pervasive, and successful, attack vectors. This technique preys on human fallibilities rather than exploiting technical vulnerabilities, making it particularly challenging to defend against. According to IBM, social engineering, the use of deceptive techniques to trick individuals into divulging sensitive information, accounts for 29% of breaches.
In today’s digital age, the idea of achieving absolute cybersecurity might seem like the Holy Grail. Businesses pour millions into advanced security systems, train employees rigorously, and implement best practices to shield themselves from cyber threats. Yet the harsh reality persists: cybersecurity breaches are inevitable. Instead of clinging to a zero-tolerance mindset, organizations must pivot towards a strategy focused on resilience and damage control. When a breach happens, and it will, an organization’s ability to restore its mission-critical systems and maintain business continuity will be critical to its success.
A recent study reveals that widely available AI agents had an 87% success rate at exploiting zero-day vulnerabilities. Researchers from the University of Illinois Urbana-Champaign unleashed OpenAI’s latest GPT-4 on a database containing zero-day vulnerabilities without existing patches or bug fixes. While the majority of open-source scanners could not even detect the vulnerabilities, the advanced chatbot was able to autonomously exploit the flaws armed only with a basic description of their characteristics. The necessary information includes the Common Vulnerabilities and Exposures (CVE) description of the flaw, as well as additional information provided through embedded links.
Generative AI Makes Hacking Dangerously Easy (Website Administrator, 2024-05-23)
Zero-day malware is called such because it takes advantage of zero-day vulnerabilities, which are newly discovered flaws that have yet to be patched. The time when the vulnerability is discovered is referred to as “Day 0”. These vulnerabilities provide cyber attackers with a window of opportunity to launch their attacks, often catching victims, and their security systems, off guard. In the time that it takes for a patch to be deployed across an entire enterprise, malware can already be siphoning critical information from your system.
Proactive Prevention: How to Defend Against Zero-Day Attacks (Website Administrator, 2024-05-22)
The probability of falling victim to an advanced malware attack, including zero-day exploits, multi-part malware, and custom attacks continues to rise. Cybercriminals persist, finding new ways to find their way into “secured” corporate networks, and tools like malware-as-a-service have made it easy to launch sophisticated attacks for even the most novice of threat artists. For organizations to stay ahead of a breach, a multi-layered cybersecurity practice that combines a robust defense-in-depth strategy with cutting-edge technologies like automated threat detection and reverse engineering malware analysis is critical.
Malware-as-a-service (MaaS) poses a serious threat to enterprise organizations. MaaS functions much like any other software-as-a-service you may be familiar with, and in some cases even comes with technical support. Hackers develop complex malware systems that can be easily purchased by even the most novice of cybercriminals, who can then launch sophisticated attacks against individuals and businesses. Malware-as-a-service democratizes cybercrime, providing any run-of-the-mill criminal with the expertise of an experienced hacker, drastically increasing the average strength and sophistication of a malware attack.
Malware-as-a-Service: A Top Threat to Organizations in 2024 (Website Administrator, 2024-04-04)
“You have the power, the capacity, and the responsibility to raise the bar on cybersecurity,” President Joe Biden told a room full of executives and cabinet members in August. With news of spyware exposing sensitive government documents in the Homeland Security and Treasury departments — and hackers disrupting critical infrastructure, including food supply and the oil industry — leaders everywhere are using their power to level-up cybersecurity innovation, investments, and leadership.
The State of Cybersecurity: A Brief Overview
Biden’s remarks followed a series of well-publicized attacks in late 2020 and 2021 — including interference with the 2020 elections; the SolarWinds attack; a zero-day attack at Microsoft; ransomware affecting the Colonial Pipeline Company; and a separate ransomware incident that shut down large meat processing plants at JBS.
Cybersecurity pros and solutions often remain just one step ahead of the bad guys in the ever evolving race to secure bigger, more interconnected attack surfaces. But is one step ahead far enough? Alongside the well-publicized attacks mentioned above, there’s been a 600% increase in lesser-known cyber attacks over the past few years — and they’ve been far too successful. According to Canalys, bad actors seized more records in 2020 than in the last 15 years combined.
The Game is Changing. We Need More Players.
Imagine a nation-state exponentially increasing its landmass without a large enough army to secure its borders. This is the challenge facing the digital world. More people are connected than ever before, yet the digital landscape lacks the cybersecurity workforce, tools, and laws to keep up with rising demand. In fact, according to a recent report by (ISC)², nearly three million cybersecurity jobs are currently vacant. The cybersecurity industry simply lacks qualified candidates to fill important roles.
Despite these gaps in cybersecurity, more people around the globe are moving their personal, social, and business lives online. According to McKinsey & Company, “an estimated 127 new devices connect to the Internet every second.” Innovations in technology are enabling individuals and businesses across every sector to go digital at record speed. If anyone was lagging behind prior to 2019, they likely joined the cybersphere during the Covid-19 pandemic.
Outcomes: Raising the Bar
When the president asks, people listen — including some of the most powerful players in the tech industry. Here’s how tech execs and government leaders responded to the president’s request to raise the bar on cybersecurity, as reported by Reuters:
New Guidelines: The White House and the National Institute of Standards and Technology (NIST) will work collaboratively with tech industry leaders to come up with new guidelines for securing software and technological innovations.
Investments From Large Companies: Industry leaders committed financial and service-based pledges to raise the bar:
Amazon will train individuals on cybersecurity free-of-charge.
Microsoft will invest $20 billion in cybersecurity over the next 5 years and help local, state, and federal governmental agencies keep their systems and networks secure.
Google will spend $10 billion on cybersecurity over the next 5 years and offer cybersecurity skills training to over 100,000 people.
IBM will train 150,000 people on cybersecurity, and focus on diversity and inclusion in the tech industry.
New Laws: Congress will work to create new laws that regulate the tech world, including new consumer protection laws and policy to regulate cybersecurity insurance companies.
CodeHunter is joining the collective effort to raise the bar on cybersecurity by making the most powerful malware detection tool ever created. Plus, CodeHunter’s groundbreaking innovation was designed specifically to help address the talent shortage — you can easily compensate for cybersecurity resource constraints by using CodeHunter to automate your malware hunting and reverse-engineering efforts.
How the U.S. Is Raising the Bar on Cybersecurity (Website Administrator, 2023-06-07)
Escalating Cyberattacks Impact More Than A Company’s Bottom-Line
Data breaches cost organizations millions of dollars: The average price tag is up 10% from 2020 to $4.24 million across all industries and up 29.5% to $9.23 million in healthcare — and the fallout is even more damaging than the initial losses. The remediation costs triple the initial damages, and legal repercussions can add millions to the total bill.
Why Do Data Breaches Happen?
Despite advances in cybersecurity, it’s far too easy to steal data: Human error accounts for 85% of data breaches (often the result of a mere phishing email). Malware, application vulnerabilities, and stolen credentials or devices make up the difference.
Data breaches aim to steal confidential information — mostly for financial gain and sometimes just for the thrill of exposing organizations. Once an intruder has access to sensitive data, they may hold data for ransom or sell passwords and customers’ PII on the Dark Web.
The IBM report breaks down the totals into four distinct categories:
1. Lost Business Costs
$1.59 million is the average cost of lost business — including increased customer turnover, lost revenue from downtime, damaged reputation, and lost opportunities.
2. Detection and Escalation
$1.24 million is attributed to the work that goes into detecting a breach and dealing with the immediate fallout. Specifically, this price tag includes the cost of investigation, auditing, crisis management, and internal communications.
3. Notification
$270,000 is the average cost of reporting the breach to customers, regulators, and outside experts.
4. Post-Breach Response
The post-breach response drains an additional $1.14 million from the bank. Organizations face increased customer service demands, regulatory fines, and legal expenditures in the weeks, months, and even years following an attack.
Additional Costs: The True Consequence of a Data Breach
While the average cost of a data breach is unsettling enough, there are additional costs to consider. Variables such as time to discovery, the number of records exposed, whether or not ransomware is a part of the attack, major legal fallouts, and ongoing losses attributed to a tarnished reputation can shutter a business overnight.
Time to Discovery: It takes 287 days for most victims to identify and contain a data breach. The longer an intruder has access to data, the more records they can steal.
The Number of Records Exposed: The average stolen customer record costs organizations $161. A mega breach of more than 50 million records costs 100x more than the average data breach — rapidly approaching half a billion dollars.
Ransomware Costs: A ransomware breach adds 10% to the total bill, increasing the average cost of a data breach to $4.62 million.
Legal Repercussions: The average bill for a data breach goes up to $5.65 million at organizations with a high level of compliance failures, compared to $3.35 million where compliance failures were low. Lawsuits over data breaches are increasingly common, so tightening up security and following protocol is not just smart — it’s necessary.
Reputation: Can you put a price tag on reputation? A company’s brand and reputation drive business as much as its products and innovations. 83% of US consumers claim they keep their distance from a company that has suffered a data breach — and an additional 21% say they abandon it altogether.
How can I prevent a data breach?
As we’re seeing ransoms skyrocketing, remediation draining revenue, and public opinion becoming increasingly unforgiving, the business landscape will soon become uninhabitable for the unprepared. Educating your staff and overseeing compliance with cybersecurity protocols is critical to your business’s survival. Start with the following:
Limit access to valuable and vulnerable data: The fewer people with credentials, the less chance those credentials will be compromised.
Keep software up to date: Take inventory of each system and the updates they require. Create a routine to stay consistent.
Destroy before disposal: Before confidential materials are thrown away, be sure they’re thoroughly destroyed. Shred papers and permanently delete data from devices like laptops, phones, and old hard drives.
Educate employees on cybersecurity best practices: Use unique passwords, do not share credentials with anyone, report suspicious emails, and do not use company devices for personal use. All it takes for a malicious actor to access company software is one innocent-looking link in an email.
Create an incident response plan: The more you drill, the faster your response.
Having a playbook in place in the event of a breach can help you act quickly, minimize damage, avoid unnecessary fines, and save millions of dollars. Take care of your security systems so that they take care of you — and your revenue.
The True Cost of a Data Breach in 2022 (Website Administrator, 2023-06-07)