If I’ve heard it once, I’ve heard it one thousand times. Traditional security controls are no longer effective at blocking cyber-threats, so enterprise organizations are deploying new types of security defenses and investing in new tools to improve incident detection and response.
Unfortunately, this can be more difficult than it seems. Why? Effective incident detection and response depends upon security analytics technology, and this is where the confusion lies. It turns out that there are lots of security analytics tools out there that approach this problem from different angles. Given this reality, where the heck do you start?
Based upon lots of qualitative and quantitative research, I’m finding that many large organizations with experienced security teams tend to jump into security analytics by focusing their effort on the network for several reasons: