Improving threat detection efficacy and the operational efficiency of detection have been at odds for several reasons: the adoption of cloud services and a mobile workforce has expanded the attack surface, cybersecurity skills remain in acute shortage, and organizations tend to deploy a series of disparate, unintegrated point tools. Those tools include sensors that provide telemetry across the network, endpoints, and the cloud. When that telemetry is correlated and enriched with external threat intelligence, it can support incident response, automated security operations, and threat hunting use cases. But without a reference architecture describing how the elements of a federated platform are engineered to enable those use cases, such capabilities remain available only to the most well-resourced organizations. In this video my colleague Jon Oltsik and I discuss how a Security Operations and Analytics Platform Architecture (SOAPA) can help organizations integrate previously siloed tools into a coordinated solution that shortens time to detection and streamlines response.
Doug Cahill, on Jan 18, 2017