
Corporates lose more than $1.3 million to False Positive

According to the Ponemon Institute, companies are losing more than $1.3 million to a loophole called False Positive every year

Sanghamitra Kar

BANGALORE, INDIA: According to the Ponemon Institute, companies are losing more than $1.3 million to a loophole called False Positive every year, along with another 20,000-plus hours of dedicated manpower assigned to dealing with these false positives.


To date, the false positive continues to thrive as the most infamous loophole in application defense mechanisms. Indusface has issued a warning elaborating on the vulnerability and potential risks of this flaw.

False positives are like false alarms; they occur when security software reports a vulnerability or security issue that does not exist in reality.

A WAF typically follows certain rules to distinguish threats from real interactions. But often, due to flawed logic or generic signature writing, a WAF might block genuine interactions with the server. Too many false positives also make the data misleading and cumbersome, and frequent false positives lead to the loss of valuable traffic.
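To illustrate the generic-signature problem described above, here is an added example (not from Indusface or the original article) that scores a keyword-only signature and a context-aware one against a small set of labelled request values. The rules, sample values and function names are assumptions constructed for illustration, not a production rule set.

```python
import re

# Constructed sample parameter values: (value, is_attack). Not real traffic.
SAMPLES = [
    ("Please select a union representative for the meeting", False),
    ("O'Reilly books: insert, update or delete chapters", False),
    ("How do I drop a class this semester?", False),
    ("1 UNION SELECT username, password FROM users", True),
    ("x'; DROP TABLE orders;--", True),
    ("1; DELETE FROM sessions", True),
]

# Generic signature (illustrative): any SQL keyword anywhere in the value.
GENERIC = [re.compile(r"\b(select|union|insert|update|delete|drop)\b", re.I)]

# Context-aware signatures (illustrative): keywords only in SQL-shaped sequences.
CONTEXTUAL = [
    re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I),
    re.compile(r";\s*(?:drop\s+table|delete\s+from)\b", re.I),
]


def blocked(rules, value):
    """Return True if any rule in the set matches the request value."""
    return any(rule.search(value) for rule in rules)


def score(rules, samples=SAMPLES):
    """Compare rule verdicts with the labels and report both error types."""
    false_pos = [v for v, attack in samples if not attack and blocked(rules, v)]
    false_neg = [v for v, attack in samples if attack and not blocked(rules, v)]
    benign_total = sum(1 for _, attack in samples if not attack)
    return {
        "false_positives": false_pos,   # genuine requests that were blocked
        "false_negatives": false_neg,   # attacks that were let through
        "fp_rate": len(false_pos) / benign_total,
    }


if __name__ == "__main__":
    for name, rules in (("generic", GENERIC), ("contextual", CONTEXTUAL)):
        result = score(rules)
        print(f"{name}: fp_rate={result['fp_rate']:.2f}, "
              f"missed_attacks={len(result['false_negatives'])}")
        for value in result["false_positives"]:
            print(f"  blocked genuine request: {value!r}")
```

Scoring a rule change against labelled genuine traffic before deploying it in blocking mode is the same measurement at scale; the narrower rules here cover only the constructed attack shapes and say nothing about coverage of others.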


Not only does a false positive cost in terms of time and money, but it also leads to loss of business as it prevents potential customers and business opportunities from coming your way. With e-commerce sites and online-focused companies, the damage could be even greater as it affects brand reputation, customer loyalty, and conversion of business leads.

Indusface believes that how a WAF handles false positives has everything to do with its accuracy and its ability to accurately block your highest risks first.

Going back to the security guard analogy, if there is a known threat from a person who should not be allowed to enter your premises, some sort of identification like a photograph will help the watchman perform better.

Of course, there can then be more advanced options like identification information, biometrics, and DNA fingerprinting. Additionally, a WAF's accuracy and efficiency have everything to do with its security effectiveness too.
