The Definitive Guide to Security Intelligence and Analytics
My colleague, Steve Piper, and I just finished writing a free ebook: The Definitive Guide to Security Intelligence and Analytics . In this comprehensive ebook, we cover how you can use security intelligence and analytics technologies to greatly improve detection and to stop threats before damage can be done.
The ebook has three main purposes:
- To explain how you and your organization can benefit from adopting and using a security intelligence and analytics platform.
- To provide advice on what characteristics to look for when you’re evaluating possible solutions.
- To give you tips on deploying a platform solution so you can get the most out of it.
In the ebook, you’ll also learn how to understand attacks and threats, improve detection, streamline response processes, select the right solution, and deploy a solution.
Automating Event Discovery through Security Analytics
One of the most important topics covered by the book is using security analytics techniques to automate the discovery of security events, minimizing the need for human involvement.
Most organizations have enormous volumes of security events to review on a continuous basis, and that can’t be done without heavily relying on automation. Automating security analytics helps organizations to detect malicious activity much more quickly so they can stop it and minimize the damage it would otherwise cause.
Security intelligence and analytics platforms combine several techniques for threat detection. One technique is for the platform to establish a baseline of normal activity over time and then flag significant deviations from that baseline.
Another technique is to use threat intelligence feeds from third parties that capture the characteristics of the latest threats attacking other organizations and individuals around the world.
A final example of a threat detection technique is correlating information from several of the organization’s systems and security controls to identify a security event that traverses all of those places.
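The three techniques above (indicator lookup, baseline deviation, and cross-source correlation) are easier to reason about in code. The script below is an added example, not from the ebook or from any LogRhythm product; it runs each technique over a handful of constructed events (hypothetical hosts, users and addresses, with IPs drawn from documentation ranges) standing in for normalized proxy, authentication and EDR logs, plus a constructed indicator list standing in for a third-party feed.

```python
from collections import defaultdict
from datetime import datetime, timedelta
import statistics

def ts(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M:%S")

# Constructed sample events (hypothetical, not real telemetry):
# (timestamp, source, host, fields) normalized from proxy, auth and EDR logs.
EVENTS = [
    (ts("2024-03-01 09:00:05"), "proxy", "ws-03", {"dst": "93.184.216.34", "domain": "example.com"}),
    (ts("2024-03-01 09:03:00"), "auth", "ws-17", {"user": "jdoe", "result": "fail"}),
    (ts("2024-03-01 09:03:20"), "auth", "ws-17", {"user": "jdoe", "result": "fail"}),
    (ts("2024-03-01 09:03:40"), "auth", "ws-17", {"user": "jdoe", "result": "fail"}),
    (ts("2024-03-01 09:04:00"), "auth", "ws-17", {"user": "jdoe", "result": "success"}),
    (ts("2024-03-01 09:04:30"), "edr", "ws-17", {"proc": "powershell.exe"}),
    (ts("2024-03-01 09:05:00"), "proxy", "ws-17", {"dst": "203.0.113.7", "domain": "update-cdn.example"}),
    (ts("2024-03-01 10:00:00"), "auth", "ws-03", {"user": "asmith", "result": "success"}),
    (ts("2024-03-01 10:01:00"), "proxy", "ws-03", {"dst": "198.51.100.20", "domain": "intranet.example"}),
    (ts("2024-03-01 11:00:00"), "edr", "ws-09", {"proc": "powershell.exe"}),
    (ts("2024-03-01 11:00:30"), "proxy", "ws-09", {"dst": "93.184.216.34", "domain": "example.com"}),
]

# Constructed indicator list standing in for a third-party threat-intel feed
# (hypothetical values; no real indicators are referenced).
IOC_IPS = {"203.0.113.7"}
IOC_DOMAINS = {"update-cdn.example"}
SCRIPT_ENGINES = {"powershell.exe", "wscript.exe", "cscript.exe"}

# Constructed per-host daily outbound volume (MB), oldest day first;
# the last entry is the day being evaluated against the baseline.
DAILY_OUTBOUND_MB = {
    "ws-17": [120, 130, 110, 125, 118, 135, 122, 2400],
    "ws-03": [40, 45, 42, 39, 44, 41, 43, 47],
}

def match_indicators(events, ioc_ips, ioc_domains):
    """Technique 1: indicator lookup. Any event whose destination IP or domain
    appears in the feed is a hit; cheap and precise, but only catches known bad."""
    return [(when, host, f.get("dst") or f.get("domain"))
            for when, _src, host, f in events
            if f.get("dst") in ioc_ips or f.get("domain") in ioc_domains]

def baseline_alerts(daily_volume, k=3.0, min_history=5):
    """Technique 2: baseline and deviation. Train mean/stdev per host on every
    day but the last, then flag the last day if it lies more than k standard
    deviations above the mean. Returns {host: z_score}."""
    alerts = {}
    for host, series in daily_volume.items():
        history, today = series[:-1], series[-1]
        if len(history) < min_history:   # too little history to call anything "normal"
            continue
        mu = statistics.mean(history)
        sd = statistics.pstdev(history) or 1.0   # flat baseline: avoid divide-by-zero
        z = (today - mu) / sd
        if z > k:
            alerts[host] = round(z, 1)
    return alerts

def correlate_sequence(events, window_seconds=600):
    """Technique 3: cross-source correlation. On one host, a successful logon
    (auth) followed by a scripting-engine launch (EDR) and then an outbound web
    request (proxy), all inside the window. Each event alone is routine; the
    ordered sequence across three controls is what gets surfaced."""
    window = timedelta(seconds=window_seconds)
    by_host = defaultdict(list)
    for ev in sorted(events, key=lambda e: e[0]):
        by_host[ev[2]].append(ev)
    findings = []
    for host, evs in by_host.items():
        for i, (t0, src, _h, f) in enumerate(evs):
            if src != "auth" or f.get("result") != "success":
                continue
            stage = 1
            for t1, src1, _h1, f1 in evs[i + 1:]:
                if t1 - t0 > window:
                    break
                if stage == 1 and src1 == "edr" and f1.get("proc") in SCRIPT_ENGINES:
                    stage = 2
                elif stage == 2 and src1 == "proxy":
                    findings.append((host, f.get("user"), t0, t1))
                    break
    return findings

if __name__ == "__main__":
    print("IOC hits:", match_indicators(EVENTS, IOC_IPS, IOC_DOMAINS))
    print("Baseline alerts:", baseline_alerts(DAILY_OUTBOUND_MB))
    print("Correlated sequences:", correlate_sequence(EVENTS))
```

Run as-is, the indicator lookup fires only on the ws-17 proxy request, the baseline check flags ws-17's 2400 MB day (hundreds of standard deviations above its roughly 123 MB average) while ws-03's 47 MB day stays under the threshold, and the correlation finds the logon, PowerShell launch and outbound request on ws-17 but not the logon-then-proxy pair on ws-03, which lacks the EDR step. Each function embodies a trade-off the ebook's advice turns on: indicator matching depends entirely on feed freshness, baselines need enough clean history and a sensible threshold, and correlation rules must bound their time window or they drown analysts in coincidences.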
Downloading the Ebook
Event discovery automation is just one example of a topic the ebook includes. It covers everything from understanding the basics of the cyberattack lifecycle and threat management to streamlining incident management, threat investigation, and threat mitigation processes. It even outlines the four phases of the security intelligence and analytics platform implementation process, providing insights and recommendations for performing each phase.
Thanks to LogRhythm, The Definitive Guide to Security Intelligence and Analytics ebook is available as a PDF for you to download.