When SOCs never stop: How to fill the intelligence gaps in security

2020-06-01 05:30

Filling the information gap therefore involves looking at how to make the most of the data that is coming in, without paralyzing the process or relying on manual intervention.

Achieving the right security posture will instead involve looking at the data, the analysis and the real-time requirements together.

Real-time analytics is the ability to take in data and process it for people to use; continuous intelligence builds on this by providing more context, analysis and recommendations as part of that process.

For continuous intelligence purposes, the loop uses automation to pull in all the necessary data across IT assets and services, analyze the relevant information and then provide recommendations to the SOC team on what issues are worth investigating further, what may warrant watching over time, and what is effectively "Business as normal."

As security technologies and automation approaches develop, existing and new security staff will be able to handle more data and in more intelligent ways.

News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/bAYiUTc3c_M/

#security #SOC