A false positive is a security alert indicating a threat or vulnerability that does not actually exist. IT security teams must investigate each alert to determine whether it is legitimate and, if so, take appropriate action. A large number of false positives consumes significant time and resources, contributing to cybersecurity costs. Sometimes, dealing with many false positives causes security teams to miss more serious and legitimate threats.
Your enterprise is aware of the risks it assumes when working with a third-party vendor. But what about the vendors used by those third parties? They have their own digital supply chain of vendors, IT infrastructures, dependencies, and resources. And each element in these supply chains exposes you to more and more potential risk. Multiply that by the number of vendors you know of (and then the vendors you don’t know about), and you’ll discover your external attack surface extends farther than you imagine.