Detection and filtering of false positives


Currently, virtually all organizations experience false positives in their simulation campaigns. However, not everyone is aware of this issue.

A false positive is a statistic generated by software but recorded under a user's name.

The problem

False positives can be caused by:

Corporate security tools that analyze or intervene in the organization's emails.

Security tools present on personal devices that the user uses to check corporate email.

Any other software present on the device (corporate or personal), browser and application used to check corporate email.

Examples of software tools that can cause false positives:

The previous list is not exhaustive.

The origin of false positives is very broad and constantly changing. For this reason, it's neither possible nor practical to generate a complete list.

How to avoid false positives?

To avoid false positives in some tools, you can try implementing Whitelists. The primary goal of a Whitelist is to ensure that the user receives simulation emails in their inbox. An additional benefit is that it can help reduce false positives generated by certain tools.

However, it's clear that it's very challenging to cover all possible origins of statistics generated by software through Whitelists alone. Moreover, even with Whitelisting, there are tools that still analyze emails. Therefore, in these cases, it may not be possible to completely avoid false positives.

The solution

SMARTFENSE provides reliable results in simulation campaigns because it features a robust false positive detection algorithm.

Any affected campaign is highlighted so that the administrative user is aware of the situation.

Additionally, specific reports are provided to help understand the origin of the statistics generated by the software.

These reports enable intelligence activities on the campaign and allow for adjusting the detection parameters of SMARTFENSE.

Custom detection

While the platform's detection algorithm is constantly being updated and improved, it's always beneficial to allow organizations some customization. Each organization has its own unique circumstances, so with SMARTFENSE, it's possible to adapt even the false positive detection logic to cover any specific cases within the organization.

Clean and reliable results

The best part about SMARTFENSE detecting false positives is that they don't appear in the campaign results. This way, the statistics and audit logs of the simulations are reliable and contain only what we care about: the actual user interactions.

Articles on Detection and Filtering of False Positives in the Cybersecurity Blog

False positives in simulations are here to stay. It is a reality faced by virtually all organizations that simulate Phishing, Smishing and Ransomware.

The problem is independent of the tool used. The solution? That’s a different story.

The objective of this workshop is not only to show how SMARTFENSE differs from its competitors by hiding software-affected statistics (false positives), but also to explain the whole context in which sending simulations is no longer a simple and straightforward task, due to the complexity of the technologies found in customer infrastructures.

The Whitelist process is used, among other things, to prevent security tools from interacting with Phishing simulation emails and generating statistics on behalf of users (false positives). You can refer to that post to learn more about software-generated statistics.