A company has deployed a system that logs suspected theft when employees send files to external resources. Routine transfers trigger numerous notifications, overwhelming analysts. Which next step best addresses this situation without weakening defensive measures?
Block external file transfers for a majority of users
Raise detection thresholds across the organization
Refine detection settings for specific teams with recognized work patterns
Divert logs to a separate system for historical analysis
Refining detection rules for relevant teams ensures that legitimate workflows do not overwhelm analysts, yet atypical activities still trigger alerts. Raising thresholds for the organization overlooks genuine risks. Blocking file transfers for a majority of users hinders normal tasks. Redirecting logs to another system gathers records but does not address the source of false notifications.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What does refining detection settings mean?
Open an interactive chat with Bash
How do false positives affect a company's security operations?
Open an interactive chat with Bash
Why not block external file transfers for most users?