People often say “quality over quantity” because, generally, it’s true. An organization could own every security tool known to mankind, each kicking out truckloads of data, but that does not necessarily mean the organization is well protected against security threats and attacks.
According to McAfee, as many as 20% of companies indicate that they use between 6 and 15 products to investigate and close out a security incident. Common sense dictates that we ask if all of these tools are necessary, and if they aren’t, how can we increase the quality?
Cyber Threat Intelligence Solutions
New security vulnerabilities will be discovered and new security solutions will promise to remediate the issues at hand – with varying degrees of speed and efficiency. Predictably, organizations will continually spend the money installing these new products and training employees on how to use them, but security headaches will still exist.
The Challenge Remains
An even greater challenge has been getting these disparate products to work together harmoniously so they achieve their true value.
Instead, why not consider falling back on the adage of quality? Let a security automation tool gather the truckloads of data that pile up from appliances, fuse that data with cyber threat intelligence, analyze it within the context of the actual enterprise, and do the heavy lifting.
The Future of Threat Intelligence is Here Now
Next-gen cyber analytics take this one step further by automating the expert knowledge and reasoning of your senior cybersecurity analysts with AI-driven approaches that multiply their capabilities.
What CISO wouldn’t want an unlimited supply of “virtual analysts” doing the mundane work while his or her most talented analysts focus on hunting the most harmful 1% of threats?
Rather than stacking up the latest security gadgets, it may be time to thoughtfully invest in a solution that automates the analysis and correlation of these systems, sensors, events, appliances and user activity logs to separate the actionable threats from the noise, for an orchestrated response or further analysis.
Written by Shawn Riley
Shawn Riley serves as the Chief Visionary Officer and Technical Advisor to the CEO for DarkLight.ai. Shawn also volunteers as the Executive Vice President, Strategic Cyberspace Science and Board of Directors member at the non-profit Centre for Strategic Cyberspace + Security Science in London, England, UK. Shawn is an industry thought leader in the NSA's Science of Security virtual organization with a focus on applied cybersecurity science and AI-driven science in security operations.