Incident responders and threat hunters are often facing a bit of an analytical catch-22. They typically have access to more and higher fidelity data sources than ever before, yet the volume and complexity of the data can often make it hard to see the point that matters.
Learning to Whitebox the SOC-in-a-Box
Even as organizations automate their security operations with orchestration and AI, some of the most important parts of security investigations continue to depend on human analysis and talent. These critical moments in the investigation remain frustratingly slow, and need categorically different technologies that are optimized for human-in-the-loop analysis.
Security is in the midst of a transformation that is putting extreme pressure on security analysts and hunt teams. One shift that is causing teams a lot of pain in their daily work is that as threats have gotten more sophisticated, security products have gotten much less sure of themselves. Security products increasingly detect the “anomalous” and report threats on a sliding scale of confidence. Not only must staff deal with advanced threats, but they must spend an increasing amount of time navigating the grey areas and ambiguities of modern threat detections to determine and deliver the right actions.
Welcome to the Age of Maybe, where it is critical that we arm analysts for dealing with the indicators that are diverse, widespread...and uncertain.