Free Book - External Exposure & Attack Surface Management for Dummies
A false negative occurs when a cyber threat or attack passes through scanning and protection software undetected. There are a number of reasons a false negative happens: the attack is dormant, it is a highly sophisticated file-less threat or one capable of lateral movement, or the security infrastructure lacks the technological capabilities to detect the attack.
False negatives are serious security threats capable of evading technologies like next-gen firewalls, antivirus software, and EDR platforms looking for “known” attacks, and malware.
False negatives can also occur easily in attack surface management when assets that should be tested are not found in or are incorrectly excluded from the attack surface.