Cyber security analysts are overwhelmed by the pressure of keeping their companies safe. Not only do they need to filter through countless alerts, many of which turn out to be false positives, but the volume of real threats is also growing exponentially. They need to triage quickly and move on, stopping the most pressing threats, but not always the most dangerous. Cyber analysts need a new, holistic approach to threat detection that monitors, analyzes and cross-references data across multiple dimensions to help them detect complex threats as early as possible.
Here’s what you need to consider when adopting an automated investigation environment, with assistance from Noam Rosenfeld, senior vice president of research and development at Cyber Intelligence Solutions, Verint Systems, and former head of the cyber defense department in the IDF.