Study Finds Security Analytics Significantly Decrease False Alerts

EMA Research study identifies security analytics as most effective approach to uncover threats; 90 percent of respondents using security analytics report a reduction in false alerts

PASADENA, Calif. -- A study by EMA Research found that organizations using security analytics and threat analytics are nearly two times as confident of detecting security issues, and 90 percent report reduced false alerts, compared to those not using these tools. The study, titled “The Evolution of Data Driven Security,” investigated how security and IT practitioners at all levels and in a variety of industries are managing ever-increasing data volumes and diversity.

“Protecting organizations from security threats has grown in complexity and effort. Whether it is measured by the rising number of threats, the unending number of alerts, or the high percentage of false positives, security teams are struggling,” said David Monahan, Research Director, EMA Research. “This report indicates that the most effective tool in the security team’s arsenal is security analytics / threat analytics. The study showed enthusiastic usage of security analytics / threat analytics by 38 percent of the respondents, who are indicating that these tools are improving their detection and response times, lowering the number of false positives, and increasing their confidence in being able to handle serious security threats.”

Based on more than 200 security and IT respondents, the research analyzed various aspects of 13 security technologies used in security management. These technologies included both traditional security tools such as web security gateways, network access control (NAC) and security incident and event management (SIEM), as well as many recently introduced approaches, such as advanced persistent threat (APT) / advanced targeted attack (ATA) detection, cloud application security and advanced security analytics (SA) or threat analytics (TA).

Highlights of the survey results:

  • Reduction in false alerts: Ninety percent of organizations who use security analytics have seen a decrease in false alerts or an improvement in actionable alerts by security personnel.
  • Faster recovery: Organizations who use security analytics / threat analytics are twice as likely to recover in minutes from unplanned incidents compared to those who don’t use analytics.
  • Decrease in frequency and duration of investigations: Organizations who use security analytics / threat analytics are more than 50 percent more likely to have experienced reduced frequency and duration of investigations compared to those who don’t use analytics.

“The EMA security study reaffirms the significant value that our EnCase Analytics customers gain from its ability to offer rapid detection of advanced persistent threats (APTs) hiding in the enterprise. With deep and enterprise-wide endpoint visibility, EnCase Analytics customers are able to proactively hunt for APTs by detecting anomalous activity and pinpointing signs of security threats early,” said Alex Andrianopoulos, vice president, Marketing for Guidance Software. “As organizations gain a better understanding of the value of security analytics to recover faster, decrease the number and frequency of investigations and significantly reduce false positives, we expect usage of these tools to increase.”

Security analytics users are better prepared to battle today’s cyber threats, both inside and outside of the company. The survey also found a correlation between establishing comprehensive baselines and responding to incidents based on assets at risk. As a result, the EMA Research study showed that using security and threat analytics increased the confidence of detecting important security incidents, accelerated response times and reduced false positives.

About Guidance Software
Guidance Software is recognized worldwide as the industry leader in endpoint investigation solutions for security incident response and forensic analysis. Its EnCase® Enterprise platform, deployed on an estimated 20 million endpoints, is used by more than 70 percent of the Fortune 100 and more than 45 percent of the Fortune 500, and numerous government agencies, to conduct digital investigations of servers, laptops, desktops and mobile devices. Built on the EnCase Enterprise platform are market-leading cyber security and electronic discovery solutions, EnCase® Cybersecurity, EnCase® Analytics, and EnCase® eDiscovery. They empower organizations to conduct speedy and thorough security incident response, reveal previously hidden advanced persistent threats or malicious insider activity, perform sensitive data discovery for compliance purposes, and respond to litigation discovery requests. For more information about Guidance Software, visit

EnCase®, EnScript®, FastBloc®, EnCE®, EnCEP®, Guidance Software™, Tableau™ and EnPoint™ are registered trademarks or trademarks owned by Guidance Software in the United States and other jurisdictions and may not be used without prior written permission. All other trademarks and copyrights referenced in this press release are the property of their respective owners.



Guidance Software
Brigitte Engel, 626-229-9191
Ross Levanto/Davida Dinerman

