Question

Box Shield threat detection alerts

  • July 31, 2024

I get a bunch of alerts that are generated through Box Shield’s threat detection feature. How should I be triaging these with my InfoSec team?

1 reply

Bskibitzke Box

Hi Kylie,

When you receive a Shield Threat Detection alert, you have to decide which alerts represent real threats, which alerts represent no threats, and everything in between. There are 4 threat cases, but only 2 cases trigger Threat Detection alerts:

  • No threat, no alert: This is what you hope to see 100% of the time. Unfortunately, it is not representative of the real world.

  • Threat, no alert: This is what you want never to happen because this means a threat slipped through your security measures somehow.

  • No threat, alert: This is a false positive, and when you discover one, you want to take steps to receive fewer of them, while not allowing any increased risk of threats to your organization. You also want to minimize the time it takes to deal with false positives. Shield Threat Detection gives you information that will help make this task take less time.

  • Threat, alert: This is a threat to your enterprise that has been caught, and you should analyze and remediate the threat. Shield Threat Detection gives you information that can help you in the analysis and remediation process, increasing your security efficiency.

More information can be found HERE.
