
IDG Contributor Network: Threat intelligence overload

Discussion in 'CSO' started by RSS, Apr 22, 2016.

  1. RSS (New Member)

    In computer forensics terms, Indicators of Compromise (IoC) artifacts, such as IP addresses, domain names, email addresses, or URLs observed in log data and placed in a SIEM can be correlated to IoCs in the threat intelligence data. These matches indicate a possible serious computer compromise and intrusion.

    Today’s number of “active” IoCs seen in threat intelligence data, though, is now 25 million and growing at a rate of 39 percent a month, according to Anomali (formerly ThreatStream) CEO Hugh Njemanze.

    "Today’s security information and event management (SIEM) tools were never meant to perform correlation on this scale. Those organizations that try end up with searches that never start, never finish, affect other search and reporting capabilities, and in some cases, result in database corruption," Njemanze said.


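The correlation step the article describes (pull IoC-shaped artifacts out of log lines and match them against a threat-intelligence feed) is small enough to show in working code. The following is an added example, not code from the forum post, the CSO article, or Anomali. The log lines and the indicator feed are constructed for illustration (the addresses and names are documentation/example values, not real IoCs). The design point it makes relates to the scale complaint quoted above: indicators are loaded once into a per-type hash index and each log token is looked up in constant time, so the cost grows with log volume rather than with the size of the indicator set; a naive "search the logs once per indicator" approach is what turns millions of IoCs into searches that never finish.

```python
import re
from collections import defaultdict
from ipaddress import ip_address

# Constructed threat-intelligence feed (hypothetical indicators, not real IoCs).
THREAT_INTEL = [
    {"type": "ipv4",   "value": "203.0.113.45",               "source": "feed-a"},
    {"type": "domain", "value": "update-check.example",       "source": "feed-a"},
    {"type": "email",  "value": "billing@invoice.example",    "source": "feed-b"},
    {"type": "url",    "value": "http://cdn.example/dl/x.bin", "source": "feed-b"},
]

# Constructed log lines in a loose key=value style; not output of any real SIEM.
SAMPLE_LOGS = [
    "ts=2016-04-22T10:01:02Z src=10.0.0.7 dst=203.0.113.45 dport=443 action=allow",
    "ts=2016-04-22T10:01:05Z dns query=Update-Check.example. client=10.0.0.7",
    "ts=2016-04-22T10:02:10Z mail from=billing@invoice.example to=alice@corp.example",
    "ts=2016-04-22T10:03:00Z proxy url=http://cdn.example/dl/x.bin user=alice",
    "ts=2016-04-22T10:04:00Z src=10.0.0.8 dst=198.51.100.9 dport=80 action=allow",
]

# Artifact extractors for the four IoC types the article names.
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
EMAIL_RE = re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")
URL_RE = re.compile(r"\bhttps?://[^\s\"'<>]+")
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\.?\b", re.IGNORECASE)


def normalize(kind, value):
    """Canonicalize an artifact so feed and log values compare equal
    (case-insensitive names, no trailing dot on DNS names, no trailing
    punctuation on URLs)."""
    if kind in ("domain", "email"):
        return value.rstrip(".").lower()
    if kind == "url":
        return value.rstrip(".,;")
    return value


def build_index(feed):
    """Load the feed once into {type: {normalized_value: indicator}} so each
    lookup is O(1) regardless of how many indicators the feed holds."""
    index = defaultdict(dict)
    for ioc in feed:
        index[ioc["type"]][normalize(ioc["type"], ioc["value"])] = ioc
    return index


def extract_candidates(line):
    """Return the set of (type, normalized_value) artifacts found in one line."""
    cands = set()
    for m in IPV4_RE.findall(line):
        try:
            ip_address(m)          # reject e.g. 999.1.1.1 that the regex allows
        except ValueError:
            continue
        cands.add(("ipv4", m))
    for m in EMAIL_RE.findall(line):
        cands.add(("email", normalize("email", m)))
    for m in URL_RE.findall(line):
        cands.add(("url", normalize("url", m)))
    for m in DOMAIN_RE.findall(line):
        cands.add(("domain", normalize("domain", m)))
    return cands


def match_logs(lines, index):
    """Correlate every log line against the indexed feed; one pass over the logs,
    one dictionary lookup per extracted artifact."""
    hits = []
    for n, line in enumerate(lines, 1):
        for kind, value in extract_candidates(line):
            ioc = index.get(kind, {}).get(value)
            if ioc:
                hits.append({"line": n, "type": kind, "value": value,
                             "source": ioc["source"]})
    return hits


if __name__ == "__main__":
    for hit in match_logs(SAMPLE_LOGS, build_index(THREAT_INTEL)):
        print(hit)
```

Run as-is it reports four matches, one per type, on lines 1 to 4 of the constructed log, and nothing on line 5. The normalization step matters in practice: the DNS line carries the indicator in mixed case with a trailing dot, and without canonicalizing both sides the match would be missed. A real deployment would also want to track the feed's own expiry and confidence fields, which this example omits.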
