Analysts in security teams make decisions all day in their investigations that impact the security of the entire organization: Where should I look next? What should I do about this alert? Is this even dangerous?
The better we can arm analysts with additional information, context, and situational awareness, the more informed their decision-making will be. But given the dizzying scale of alerts and associated data in a typical enterprise, decision-making also needs to scale.
Generally, the faster you make decisions and take action against a threat, the less likely you are to be breached, and the more likely you are to stop merely reacting and move to a proactive approach with your team. Today, teams are automating massive amounts of data, but are not yet able to refine that data into intelligence suitable for decision-making.
via https://www.aiupnow.com
Help Net Security, Khareem Sudlow