New Cyber Defense Brand DeepSeas to Unite Newly Acquired Commercial Managed Threat Services Business from Booz Allen Hamilton with Security On-Demand. Learn More

The Problem with False Positive Alerts

False positive alerts cost enterprises an average of $1.3M annually. Beyond financial loss, a recent study found that nearly half of all cybersecurity alerts are false positives, and 75% of companies spend an equal amount of time, or more, on them than on actual attacks. Why? Mid-size businesses often lack the expertise, team and tools to review and prioritize an overwhelming volume of alerts, which results in missed alerts on real threats. Security On-Demand’s approach to this problem is to look holistically at the threat and data ecosystem to understand how application of different threat detection models reduce false positives.

Our Approach includes 4 Detection Models that decrease False Positive Alerts

The Threat Ecosystems shown in Diagram 1 portrays how threat detection models must rely on data access to function. These include:

  • Static Rules Analysis from rules-based engines, like a SIEM, which finds significantly fewer advanced threats
  • Behavioral Analysis Methods for asset, network, and user anomalies.
  • Machine Learning applications for detecting advanced threats and indicators.
  • Advanced Use Cases: Autonomic Cyber Security or ACS applies advanced threat detection based upon the human bio-immune system or T-Cell approach.

How Data Access Works with the 4 Detection Models to Decrease False Positives

Threat applications rely on the various threat detection models to perform their interpretation, and the detection models themselves are driven by data access. When this access is constrained, time to detection increases and more false positives are generated to adjust the models for performance over accuracy (such as when the machine-learning model becomes “overfit”).

Security On-Demand solves this core issue with its AQ Technology that serves as the data access interface between the database(s) and threat models used by the application. When the different threat analysis layers/models have unrestrained access to the data they analyze, the alerts generated are fewer and more accurate, giving everyone more time to investigate and remediate.


We’ve spent over a decade developing and tinkering with the 4 Detection Models with unlimited Data Access in our ThreatWatch® platform. Our team of amazing Data Scientists and Cyber Security Experts have combined the power of 24×7 Advanced Security Operations Center with the intelligence of the 4 Detection Models to bring you the most accurate security alerts. If you’d like to learn more about how we can quickly identify threats in your environment, feel free to reach out to us at

About Security On-Demand

Security On-Demand (SOD) provides 24×7 advanced cyber-threat detection services for mid-market companies and state or local government agencies.  SOD’s patented, behavioral analytics technology platform, ThreatWatch® enables the detection of advanced threats that help protect brand value and reduce the risk of a data breach.  Headquartered in San Diego, California with R&D offices in Warsaw Poland, SOD services and protects hundreds of brands globally and is the winner of multiple industry awards.  Please visit us at Find us on LinkedIn and follow us on Twitter @SecurityOnDmand.