The reason you often hear people say "quality over quantity" is that, generally, it’s true. An organization could own every security tool known to mankind, each kicking out truckloads of data, but this does not necessarily mean that the organization is well protected against security threats and attacks.
According to McAfee, as many as 20% of companies indicate that they use between 6 and 15 products to investigate and close out a security incident. Common sense dictates that we ask whether all of these tools are necessary and, if they aren’t, how we can increase the quality.
Cyber Threat Intelligence Solutions
New security vulnerabilities will be discovered and new security solutions will promise to remediate the issues at hand – with varying degrees of speed and efficiency. Predictably, organizations will continually spend the money installing these new products and training employees on how to use them, but security headaches will still exist.
The Challenge Remains
An even greater challenge has been getting these disparate products to work together harmoniously so they achieve their true value.
Instead, why not consider falling back on the adage of quality? Let a security automation tool gather the truckloads of data that pile up from appliances and do the heavy lifting once that data is fused with cyber threat intelligence and analyzed within the context of the actual enterprise.
The Future of Threat Intelligence is Here Now
Next-gen cyber analytics take this one step further by automating the expert knowledge and reasoning of your senior cybersecurity analysts with AI-driven approaches that multiply their capabilities.
What CISO wouldn’t want an unlimited supply of “virtual analysts” doing the mundane work while his or her most talented analysts focus on hunting the most harmful 1% of threats?
Rather than stacking up the latest security gadgets, it may be time to thoughtfully invest in a solution that automates the analysis and correlation of these systems, sensors, events, appliances and user activity logs to separate the actionable threats from the noise, for an orchestrated response or further analysis.
Deviation from Normal Does Not Always Mean Malicious Intent
One approach to solving cybersecurity problems is to use machine learning to baseline normal behaviors so that deviations from normal can be identified. This, at first glance, makes perfect sense. However...