During a routine vulnerability scan, a security analyst sees a clean report with no critical findings. Days later, a manual penetration test uncovers an unpatched web-server flaw that the scanner completely missed. Which term best describes this situation, where a real security issue was present but the detection tool failed to alert on it?
A false negative occurs when a security control or detection tool fails to identify a real threat or vulnerability, incorrectly indicating that the environment is safe. This leaves actual risks unaddressed until discovered by other means. A false positive is the opposite problem: safe activity flagged as malicious. A true positive is an accurate alert on real malicious activity, while false security is not a formal term in detection theory.