{"id":3211,"date":"2020-10-28T15:32:10","date_gmt":"2020-10-28T19:32:10","guid":{"rendered":"https:\/\/solutionsreview.com\/security-information-event-management\/?p=3211"},"modified":"2020-10-28T15:32:10","modified_gmt":"2020-10-28T19:32:10","slug":"3-ways-to-mitigate-false-positives-in-your-siem","status":"publish","type":"post","link":"https:\/\/solutionsreview.com\/security-information-event-management\/3-ways-to-mitigate-false-positives-in-your-siem\/","title":{"rendered":"3 Ways to Mitigate False Positives in Your SIEM"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" class=\"alignleft size-full wp-image-2605\" src=\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2019\/06\/managed-security-mod.png\" alt=\"3 Ways to Mitigate False Positives in Your SIEM\" width=\"800\" height=\"450\" srcset=\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2019\/06\/managed-security-mod.png 800w, https:\/\/solutionsreview.com\/security-information-event-management\/files\/2019\/06\/managed-security-mod-300x169.png 300w, https:\/\/solutionsreview.com\/security-information-event-management\/files\/2019\/06\/managed-security-mod-768x432.png 768w, https:\/\/solutionsreview.com\/security-information-event-management\/files\/2019\/06\/managed-security-mod-480x270.png 480w, https:\/\/solutionsreview.com\/security-information-event-management\/files\/2019\/06\/managed-security-mod-144x81.png 144w, https:\/\/solutionsreview.com\/security-information-event-management\/files\/2019\/06\/managed-security-mod-320x180.png 320w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">What are three ways to mitigate false positives in your business\u2019 SIEM?<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Perhaps the greatest challenge to successful SIEM stems from false positives. 
A SIEM collects and aggregates log data from across the IT environment, normalizes it into a common schema so that events from different sources can be correlated, and evaluates its correlation rules against the result. When a rule matches, the solution raises a security alert for your security team.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">On the surface, these alerts enable faster investigations and thus faster threat mitigation. However, a SIEM on its own often cannot distinguish legitimate but unusual activity from malicious activity: a rule that only counts events has no way to know that a burst of failed logins came from an authorized vulnerability scanner rather than an attacker. In those cases the solution raises a false positive.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">False positives may not seem like a major obstacle in theory, but in practice they create real problems. They waste investigation time and drive analyst burnout (which seriously hampers your efforts to staff and retain a security team). Worse, they bury genuine leads under a pile of noise, so a true positive can sit unread in the queue.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">What can your enterprise do to mitigate false positives in your <a href=\"https:\/\/solutionsreview.com\/security-information-event-management\/siem-buyers-guide-security-information-and-event-management\/\" target=\"_blank\" rel=\"noopener noreferrer\">SIEM<\/a>?<\/span><\/p>\n<h2 style=\"text-align: justify\"><b>How to Mitigate False Positives<\/b><\/h2>\n<h3><b>1. Contextualization<\/b><\/h3>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Contextualization helps separate alerts that are false positives from alerts that are genuine threats. 
It does exactly what its name implies: it puts the alert into context.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">A contextualized alert carries not just the suspicious activity but also who was involved (the user, their role, and whether the account is a human or a service account), when it happened (business hours, a scheduled change window), where it happened (source address, target host and that host\u2019s criticality), and any relevant circumstances such as a known scanner or a scheduled job. This enrichment, drawn from sources like the asset inventory, the identity directory and the change calendar, lets analysts triage alerts quickly and follow up only on relevant leads. Better yet, the same context can feed your SIEM\u2019s rules, so that alerts which are fully explained by context (an authorized scanner against a non-critical host, say) are suppressed or ranked down automatically and never reach your team\u2019s queue. One caveat: every suppression is a place an attacker can hide, so record why each suppression exists, review the list regularly, and be cautious about suppressing on source address alone for critical assets.<\/span><\/p>\n<h3><b>2. User and Entity Behavior Analytics (UEBA)<\/b><\/h3>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">UEBA establishes a behavioral baseline for each user and entity, human or non-human (service accounts, hosts, applications). Once the solution knows what \u201ctypical\u201d activity looks like for a given account, it can recognize deviation from that baseline rather than applying one fixed threshold to everyone.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Alerts that note a deviation from baseline behavior therefore help your team prioritize which alerts need immediate investigation, while activity that is noisy but normal for that account can be ranked down. This still requires manual investigation, and false positives can still occur (a user on a temporary project may legitimately behave abnormally, and a baseline learned while an attacker is already present will treat the attacker\u2019s activity as normal), but it reduces their number significantly.<\/span><\/p>\n<h3><b>3. Modifying Your Rules<\/b><\/h3>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">A SIEM operates on the rules your security team writes and maintains. While it can feel tempting to set and forget them, you can\u2019t. 
No security control operates without human intelligence and attention.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">To mitigate false positives, make sure your SIEM rules fit your IT environment and your business priorities. For example, running out-of-the-box rules against every log source in the environment produces an alert volume no team can work through; scope each rule to the sources and assets where a match actually matters. Rules that flag ordinary activity as security events must be tuned (raise the threshold, add a condition, exclude the known-benign source) or they will bury your team in false leads. Treat rule changes like code: record why each exclusion exists, and re-test rules after the environment changes.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">To learn more about how to mitigate false positives in your SIEM, check out our relevant <a href=\"https:\/\/solutionsreview.com\/security-information-event-management\/siem-buyers-guide-security-information-and-event-management\/\" target=\"_blank\" rel=\"noopener noreferrer\">Buyer\u2019s Guide<\/a>. We cover the top solution providers and their key capabilities in detail. We also provide a Bottom Line Analysis of each vendor and essential market facts.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>What are three ways to mitigate false positives in your business\u2019 SIEM? Perhaps the greatest challenge to successful SIEM stems from false positives. As part of SIEM\u2019s process, the solution collects and aggregates data from across the IT environment. Then, the solution normalizes the data to allow for easier threat analysis. 
If the solution detects [&hellip;]<\/p>\n","protected":false},"author":41,"featured_media":2605,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[551,1],"tags":[353,1172,95,145,1188,112,86,21,57,22,280],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>3 Ways to Mitigate False Positives in Your Business SIEM<\/title>\n<meta name=\"description\" content=\"What are three ways to mitigate false positives in your business\u2019 SIEM? We cover the top tactics and capabilities in detail.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/solutionsreview.com\/security-information-event-management\/3-ways-to-mitigate-false-positives-in-your-siem\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"3 Ways to Mitigate False Positives in Your Business SIEM\" \/>\n<meta property=\"og:description\" content=\"What are three ways to mitigate false positives in your business\u2019 SIEM? 
We cover the top tactics and capabilities in detail.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/solutionsreview.com\/security-information-event-management\/3-ways-to-mitigate-false-positives-in-your-siem\/\" \/>\n<meta property=\"og:site_name\" content=\"Best Information Security SIEM Tools, Software, Solutions &amp; Vendors\" \/>\n<meta property=\"article:published_time\" content=\"2020-10-28T19:32:10+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2019\/06\/managed-security-mod.png\" \/>\n\t<meta property=\"og:image:width\" content=\"800\" \/>\n\t<meta property=\"og:image:height\" content=\"450\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Ben Canner\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Ben Canner\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/3-ways-to-mitigate-false-positives-in-your-siem\/\",\"url\":\"https:\/\/solutionsreview.com\/security-information-event-management\/3-ways-to-mitigate-false-positives-in-your-siem\/\",\"name\":\"3 Ways to Mitigate False Positives in Your Business 
SIEM\",\"isPartOf\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/3-ways-to-mitigate-false-positives-in-your-siem\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/3-ways-to-mitigate-false-positives-in-your-siem\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2019\/06\/managed-security-mod.png\",\"datePublished\":\"2020-10-28T19:32:10+00:00\",\"dateModified\":\"2020-10-28T19:32:10+00:00\",\"author\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541\"},\"description\":\"What are three ways to mitigate false positives in your business\u2019 SIEM? We cover the top tactics and capabilities in detail.\",\"breadcrumb\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/3-ways-to-mitigate-false-positives-in-your-siem\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/solutionsreview.com\/security-information-event-management\/3-ways-to-mitigate-false-positives-in-your-siem\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/3-ways-to-mitigate-false-positives-in-your-siem\/#primaryimage\",\"url\":\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2019\/06\/managed-security-mod.png\",\"contentUrl\":\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2019\/06\/managed-security-mod.png\",\"width\":800,\"height\":450,\"caption\":\"3 Ways to Mitigate False Positives in Your 
SIEM\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/3-ways-to-mitigate-false-positives-in-your-siem\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/solutionsreview.com\/security-information-event-management\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"3 Ways to Mitigate False Positives in Your SIEM\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#website\",\"url\":\"https:\/\/solutionsreview.com\/security-information-event-management\/\",\"name\":\"Best Information Security SIEM Tools, Software, Solutions &amp; Vendors\",\"description\":\"Buyer&#039;s Guide and Best Practices\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/solutionsreview.com\/security-information-event-management\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541\",\"name\":\"Ben Canner\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g\",\"caption\":\"Ben Canner\"},\"description\":\"Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. 
He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.\",\"url\":\"https:\/\/solutionsreview.com\/security-information-event-management\/author\/bcanner\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"3 Ways to Mitigate False Positives in Your Business SIEM","description":"What are three ways to mitigate false positives in your business\u2019 SIEM? We cover the top tactics and capabilities in detail.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/solutionsreview.com\/security-information-event-management\/3-ways-to-mitigate-false-positives-in-your-siem\/","og_locale":"en_US","og_type":"article","og_title":"3 Ways to Mitigate False Positives in Your Business SIEM","og_description":"What are three ways to mitigate false positives in your business\u2019 SIEM? We cover the top tactics and capabilities in detail.","og_url":"https:\/\/solutionsreview.com\/security-information-event-management\/3-ways-to-mitigate-false-positives-in-your-siem\/","og_site_name":"Best Information Security SIEM Tools, Software, Solutions &amp; Vendors","article_published_time":"2020-10-28T19:32:10+00:00","og_image":[{"width":800,"height":450,"url":"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2019\/06\/managed-security-mod.png","type":"image\/png"}],"author":"Ben Canner","twitter_misc":{"Written by":"Ben Canner","Est. 
reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/3-ways-to-mitigate-false-positives-in-your-siem\/","url":"https:\/\/solutionsreview.com\/security-information-event-management\/3-ways-to-mitigate-false-positives-in-your-siem\/","name":"3 Ways to Mitigate False Positives in Your Business SIEM","isPartOf":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#website"},"primaryImageOfPage":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/3-ways-to-mitigate-false-positives-in-your-siem\/#primaryimage"},"image":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/3-ways-to-mitigate-false-positives-in-your-siem\/#primaryimage"},"thumbnailUrl":"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2019\/06\/managed-security-mod.png","datePublished":"2020-10-28T19:32:10+00:00","dateModified":"2020-10-28T19:32:10+00:00","author":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541"},"description":"What are three ways to mitigate false positives in your business\u2019 SIEM? 
We cover the top tactics and capabilities in detail.","breadcrumb":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/3-ways-to-mitigate-false-positives-in-your-siem\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/solutionsreview.com\/security-information-event-management\/3-ways-to-mitigate-false-positives-in-your-siem\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/3-ways-to-mitigate-false-positives-in-your-siem\/#primaryimage","url":"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2019\/06\/managed-security-mod.png","contentUrl":"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2019\/06\/managed-security-mod.png","width":800,"height":450,"caption":"3 Ways to Mitigate False Positives in Your SIEM"},{"@type":"BreadcrumbList","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/3-ways-to-mitigate-false-positives-in-your-siem\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/solutionsreview.com\/security-information-event-management\/"},{"@type":"ListItem","position":2,"name":"3 Ways to Mitigate False Positives in Your SIEM"}]},{"@type":"WebSite","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#website","url":"https:\/\/solutionsreview.com\/security-information-event-management\/","name":"Best Information Security SIEM Tools, Software, Solutions &amp; Vendors","description":"Buyer&#039;s Guide and Best 
Practices","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/solutionsreview.com\/security-information-event-management\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541","name":"Ben Canner","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g","caption":"Ben Canner"},"description":"Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. 
You can reach him via Twitter and LinkedIn.","url":"https:\/\/solutionsreview.com\/security-information-event-management\/author\/bcanner\/"}]}},"_links":{"self":[{"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/posts\/3211"}],"collection":[{"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/users\/41"}],"replies":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/comments?post=3211"}],"version-history":[{"count":0,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/posts\/3211\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/media\/2605"}],"wp:attachment":[{"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/media?parent=3211"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/categories?post=3211"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/tags?post=3211"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
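As an added example, not part of the original article and not any vendor's product code, the Python script below shows the three tactics from the article (contextualization, a UEBA-style baseline, and rule tuning) working together on a constructed authentication log. A naive, untuned rule (five or more failed logins for one user, source and host inside ten minutes) fires on four bursts. Contextual enrichment from a known-scanner list, an asset criticality table and a maintenance window suppresses two of them; a per-account baseline (mean plus three standard deviations of that account's own daily failure count) ranks a third down as noisy-but-normal; only the credential-spraying burst against the domain controller is escalated. The events, context tables, per-account history, threshold and window are all assumptions constructed for illustration.

```python
"""Added example (not from the original article): a toy alert-triage pipeline in which
contextual enrichment, a per-account behavioral baseline and rule scoping cut the false
positives of a naive brute-force rule. All data and thresholds are constructed."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from statistics import mean, pstdev


@dataclass(frozen=True)
class Event:
    ts: datetime
    user: str
    src_ip: str
    host: str
    outcome: str  # "failure" or "success"


def _t(hhmm):
    """Clock time on one constructed day."""
    return datetime(2020, 10, 28, int(hhmm[:2]), int(hhmm[3:]))


def _burst(start, every_s, n, user, ip, host):
    """n failed logins, every_s seconds apart, for one user/source/host."""
    return [Event(_t(start) + timedelta(seconds=every_s * i), user, ip, host, "failure")
            for i in range(n)]


# Constructed authentication log (sample input, not real data).
EVENTS = (
    _burst("02:00", 20, 6, "svc-scan", "10.0.0.50", "dev-box-7")  # vuln scanner on a dev box
    + _burst("09:05", 30, 5, "bob", "10.1.1.15", "file-srv")      # mistyped new password
    + _burst("11:30", 40, 6, "carol", "10.1.1.22", "vpn-gw")      # habitual fat-fingering
    + _burst("23:40", 15, 12, "alice", "203.0.113.9", "dc01")     # external spray on a DC
)

# Constructed context tables: the inputs that "contextualization" joins onto an alert.
KNOWN_SCANNER_IPS = {"10.0.0.50"}
ASSET_CRITICALITY = {"dc01": "high", "vpn-gw": "high", "file-srv": "medium", "dev-box-7": "low"}
MAINTENANCE_WINDOWS = [("file-srv", _t("09:00"), _t("10:00"))]  # announced password reset
# Constructed per-account history (failed logins per day, last week): the UEBA baseline input.
FAILURE_HISTORY = {
    "svc-scan": [6, 6, 6, 6, 6, 6, 6],
    "bob": [0, 1, 0, 0, 1, 0, 0],
    "carol": [5, 6, 4, 7, 5, 6, 5],
    "alice": [1, 0, 1, 1, 0, 1, 0],
}
THRESHOLD, WINDOW = 5, timedelta(minutes=10)  # assumed parameters of the untuned rule


def naive_rule(events):
    """Untuned SIEM rule: >= THRESHOLD failures for one (user, src_ip, host) inside WINDOW.
    On its own it cannot tell a scanner or a password reset from an attacker."""
    failures = defaultdict(list)
    for e in sorted(events, key=lambda ev: ev.ts):
        if e.outcome == "failure":
            failures[(e.user, e.src_ip, e.host)].append(e.ts)
    alerts = []
    for (user, ip, host), times in failures.items():
        for i in range(len(times) - THRESHOLD + 1):  # sliding window over the timestamps
            if times[i + THRESHOLD - 1] - times[i] <= WINDOW:
                alerts.append({"user": user, "src_ip": ip, "host": host,
                               "count": len(times), "first_seen": times[i]})
                break
    return alerts


def baseline_ceiling(user, k=3.0):
    """UEBA-style ceiling: mean + k * stdev of this account's own daily failure count.
    An account with no history gets 0.0, so any failure is anomalous for it."""
    hist = FAILURE_HISTORY.get(user)
    return mean(hist) + k * pstdev(hist) if hist else 0.0


def in_maintenance(host, ts):
    return any(h == host and start <= ts <= end for h, start, end in MAINTENANCE_WINDOWS)


def triage(alert):
    """Contextualize one naive alert; returns (disposition, reason)."""
    host, user, ip, ts = alert["host"], alert["user"], alert["src_ip"], alert["first_seen"]
    crit = ASSET_CRITICALITY.get(host, "medium")
    # Context suppression. Never suppress on source alone for a critical asset:
    # a compromised scanner box would otherwise get a free pass.
    if ip in KNOWN_SCANNER_IPS and crit != "high":
        return "suppressed", "authorized scanner against non-critical asset"
    if in_maintenance(host, ts):
        return "suppressed", "inside announced maintenance window"
    # Behavioral baseline: noisy-but-normal for this account is ranked down, not dropped.
    if alert["count"] <= baseline_ceiling(user):
        return "low", "within this account's own baseline"
    return ("high" if crit == "high" else "medium"), "above baseline"


def run_pipeline(events=EVENTS):
    """Naive rule, then context and baseline triage; returns every alert with a disposition."""
    results = []
    for alert in naive_rule(events):
        disposition, reason = triage(alert)
        results.append({**alert, "disposition": disposition, "reason": reason})
    return results


def escalated(results):
    """The alerts that actually reach an analyst's queue."""
    return [r for r in results if r["disposition"] in ("medium", "high")]


if __name__ == "__main__":
    results = run_pipeline()
    for r in results:
        print(f'{r["disposition"]:<10} {r["user"]:<9} {r["host"]:<10} {r["count"]:>2} failures  ({r["reason"]})')
    print(f"{len(results)} naive alerts, {len(escalated(results))} escalated")
```

Two design choices worth noting. The scanner suppression is gated on asset criticality, so a burst from the scanner address against a domain controller is still triaged rather than silently dropped; this is the "review your suppressions" caveat expressed in code. The baseline ranks noisy-but-normal activity down to "low" instead of discarding it, so the event stays available for hunting and for correlation with other indicators, and an account with no history gets a ceiling of zero so that the first failures on a brand-new or previously silent account are never hidden by a missing baseline.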