Discussions about false positives seem to be hotting up again. Often, solutions are proud to provide their customers with a “low false positive” rate. Alas each and every error is a costly one. Every false positive incurs the financial cost of an investigation – or the risk of ignoring it. I won’t go into the economics of it here (but a white paper is available discussing the cost of false alarms to a business). The reality of a false positive is that the continued annoyance results in the trust in the security device to seep away., False alarms desensitize us all (consider a car alarm going off in a car lot – we rarely take any notice of them). Worse still is simply turning off the cause of the alarm (most likely a signature put in place to protect) – and then the protection itself has gone!
However many false positives we receive, it is human nature to assume that “at least it is stopping all the bad things”. If the burglar alarm continues to squeal, surely it is keeping out the burglars. The unfortunate truth is that false negatives should be given the highest priority. Security systems that allow attacks through without alarming hide a huge risk.
When you are considering a system with a “low false positive” rate -- don’t forget to ask about their false negative rate. That is the one that determines whether the system provides any security at all!