
Detection and response, where to begin

Discussion in 'CSO' started by RSS, Sep 1, 2016.

  1. RSS


    Cambridge, Mass. - As the threat landscape continues to evolve, cybersecurity experts rely more on detection and incident response, making security a collaborative exercise. But where do they start?

    Many security executives used the MASSTLC Conference as a launching point.

    Chris Poulin, research strategist of X-Force at IBM, said, "The problem is that it takes them understanding their environment. How much is too much data being downloaded or uploaded? SIEMs look at thresholds to understand policy and compliance, but they also have to have environmental knowledge. Users don’t typically up/download certain size files."

    Understanding their environment requires the manpower that most enterprises don't have right now. So how does a security team gain an understanding of their environment when they are inundated with alerts and spending their days putting out fires?

