Published on March 9, 2015
Another long comment inspired by Anton Chuvakin's post Who Validates Alerts Validated by Your Alert Validator Software?
Using SIEM to detect multi-dimensional threats is a cyber peep show: no matter how many peepers you throw at it, you never get the breadth and depth of the actual performance. Yes, there are some scarily talented operators who can do it with SIEM alone, but that's because they've seen the show live, or read a book or something, and can relate fragments of the observed information to the big picture – not without false positives though, and with quite a bit of follow-up grepping to confirm the result.
Enter the world of 3D TV: automated analytics tools that can:
- correlate happenings across multiple domains, reducing noise and amplifying the actual threat
- take into account activities of functionally similar actors to better understand what’s really anomalous
- track and correlate activities over extended periods of time to nail low-and-slow APTs
- capture life experiences of your master peepers into reusable threat models
- detect unknown threats based on anomalous behavior, not a static signature of the attack
- learn from data to get rid of subjective thresholds and attune to your risk model
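To make the list concrete, here is an added example (my own illustration, not code from the original post or from any product it alludes to): a small Python analytics layer that learns a baseline from functionally similar users instead of a static threshold, correlates authentication and data-transfer activity for the same user and day, and accumulates small daily deviations over a week to surface low-and-slow activity. The peer groups, metric names, thresholds and every event value are constructed sample data; the two planted cases (one loud day for `fin_carol`, a slightly elevated upload every day for `eng_hal`) exist only to show the three behaviours.

```python
"""Peer-group behavioural baselining with learned thresholds.

Added example, not code from the original post: a minimal analytics layer
that (a) scores each user against functionally similar users instead of a
static threshold, (b) correlates two domains (authentication and data
transfer) to amplify a weak signal, and (c) accumulates small deviations
over a longer window to surface low-and-slow activity. All records are
constructed sample data, not real telemetry.
"""
from collections import defaultdict
from statistics import median

GROUPS = {  # constructed peer groups: who is "functionally similar" to whom
    "finance": ["fin_alice", "fin_bob", "fin_carol", "fin_dan"],
    "engineering": ["eng_erin", "eng_frank", "eng_gina", "eng_hal"],
}
DAYS = range(1, 8)
DAILY_THRESHOLD = 3.0       # robust z-score that flags a single day
CUMULATIVE_THRESHOLD = 6.0  # summed daily scores over the whole window
STATIC_HOST_RULE = 10       # the SIEM-style rule this replaces: "> 10 hosts/day"


def constructed_events():
    """Daily (user, group, day, metric, value) records with two planted cases.

    Normal finance users touch 3-5 hosts and upload 50-60 MB a day; normal
    engineers touch 15-17 hosts and upload 400-440 MB. fin_carol has one loud
    day in both domains; eng_hal uploads slightly more than peers every day.
    """
    events = []
    for group, base_hosts, base_mb, step_mb in (
            ("finance", 3, 50, 5), ("engineering", 15, 400, 20)):
        for i, user in enumerate(GROUPS[group]):
            for day in DAYS:
                jitter = (i + day) % 3  # deterministic day-to-day variation
                hosts, mbytes = base_hosts + jitter, base_mb + step_mb * jitter
                if user == "fin_carol" and day == 5:
                    hosts, mbytes = 12, 900      # planted: one loud day
                if user == "eng_hal":
                    mbytes = 470                 # planted: low and slow
                events.append((user, group, day, "auth.distinct_hosts", hosts))
                events.append((user, group, day, "xfer.mbytes_out", mbytes))
    return events


def learn_baselines(events):
    """Per (group, metric): robust centre and scale learned from all peers."""
    samples = defaultdict(list)
    for _, group, _, metric, value in events:
        samples[(group, metric)].append(value)
    baselines = {}
    for key, values in samples.items():
        med = median(values)
        mad = median(abs(v - med) for v in values) * 1.4826  # MAD scaled to ~sigma
        baselines[key] = (med, max(mad, 1e-9))
    return baselines


def score_events(events, baselines):
    """Robust z-score per record: MADs above the peer median (clipped at 0)."""
    scores = {}
    for user, group, day, metric, value in events:
        med, scale = baselines[(group, metric)]
        scores[(user, day, metric)] = max(0.0, (value - med) / scale)
    return scores


def detect(events):
    """Return daily, cross-domain-correlated and low-and-slow findings."""
    scores = score_events(events, learn_baselines(events))
    daily = sorted(k for k, s in scores.items() if s >= DAILY_THRESHOLD)
    # cross-domain correlation: both metrics loud for the same user on the same day
    flagged = defaultdict(set)
    for user, day, metric in daily:
        flagged[(user, day)].add(metric)
    correlated = sorted(k for k, metrics in flagged.items() if len(metrics) == 2)
    # low and slow: no single loud day, but the whole-window total is
    totals, peak = defaultdict(float), defaultdict(float)
    for (user, day, metric), s in scores.items():
        totals[(user, metric)] += s
        peak[(user, metric)] = max(peak[(user, metric)], s)
    low_and_slow = sorted(k for k, t in totals.items()
                          if t >= CUMULATIVE_THRESHOLD and peak[k] < DAILY_THRESHOLD)
    return {"daily": daily, "correlated": correlated, "low_and_slow": low_and_slow}


def static_rule_hits(events):
    """How often the static 'more than 10 hosts' rule fires on the same data."""
    return sum(1 for _, _, _, m, v in events
               if m == "auth.distinct_hosts" and v > STATIC_HOST_RULE)


if __name__ == "__main__":
    evs = constructed_events()
    print("static rule alerts:", static_rule_hits(evs))  # every engineer, every day
    for kind, items in detect(evs).items():
        print(kind, items)
```

On this data the static "more than 10 hosts" rule fires 29 times, 28 of them on engineers doing their normal job, while the peer-group score raises one daily alert pair, joins them into a single correlated finding for `fin_carol` on day 5, and surfaces `eng_hal`'s upload pattern only when the week is summed. The thresholds are still numbers someone chose, but they are expressed in units of the peers' own spread rather than in raw host counts or megabytes, which is what lets the same rule serve both groups.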
If the product requires a $240K/year data scientist or a $400/hour consultant to operate it, you've got the wrong product. A luxury car that requires an expensive chauffeur to drive it can get the job done, sure, but we need a different product to do grocery shopping for people who can park themselves. The product that combines the expertise of its data science team with years of experience in the field and dozens of customer deployments to jump-start your cyber defense capabilities on a whole new level. The product that will allow your own team of analysts to operate on a whole new level, and tackle emerging threats instead of an ever-growing queue of meaningless and mostly ignored alerts.
And when you have saved enough money by keeping your company safe, and your budget goes back from $$ to $$$$$, you can hire that awesome, shrink-wrapped data scientist to figure out the answer to Life, the Universe and Everything 🙂