Today’s security event monitoring and correlation tools are under enormous pressure. Security analysts are inundated with data, but rather than gaining insight, they find it harder than ever to sort through the noise and locate the real events that need attention. The next generation of security tools purports to process much larger and more varied data sets, run deep-dive analytics in real time, and rely more on intelligence than on attack signatures. But what does this actually mean?
How do I collect the right data?
What kinds of new detections can I do?
How do I get enough context to overcome false positives?
How do I automate more of my security intelligence, or the intelligence of others?
What should I look for in a solution?
How is this different from my SIEM, IDS/IPS, and Advanced Malware Detection products?
These and other questions will be addressed to shed light on what has quickly become a market space of tremendous promise, but one currently shrouded in confusion.